Summary
The remote host is missing an update to tiff announced via advisory DSA 1835-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201835-1
Insight
Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-2285
It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service.
CVE-2009-2347
Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools.
For the old stable distribution (etch), these problems have been fixed in version 3.8.2-7+etch3.
For the stable distribution (lenny), these problems have been fixed in version 3.8.2-11.2.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your tiff packages.
Severity
Classification
CVE: CVE-2009-2285, CVE-2009-2347
CVSS Base Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C