Vulnerabilities in LibTIFF
LibTIFF, the open source graphics library, contains bugs in its LZWDecode and LZWDecodeCompat functions. Crafted TIFF files can be used to provoke buffer underflows. Attackers can exploit this vulnerability to inject and execute code.
According to Debian, the bugs are present in versions 3.8.2.x and 3.7.2.x. No official update is available. Linux distributors are, however, already releasing updated packages.
See also:
- LibTIFF buffer underflow, Debian bug report.
(trk)