Summary
The remote host is missing an update to tiff
announced via advisory DSA 2447-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202447-1
Insight
Alexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened.
For the stable distribution (squeeze), this problem has been fixed in version 3.9.4-5+squeeze4.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your tiff packages.
Severity
Classification
-
CVE CVE-2012-1173 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities