Debian Information for VU#125598

LibTIFF vulnerable to integer overflow via corrupted directory entry count

Status

Affected

Vendor Statement

Debian GNU/Linux was vulnerable to this problem and has issued an advisory with updated packages: DSA 617[1]. Another vulnerability has been discovered by Dmitry Levin which has been fixed in DSA 626 and has CAN-2004-1183 assigned as unique vulnerability identifier.

For the stable distribution (woody) these problems have been fixed in version 3.5.5-6.woody5.

For the unstable distribution (sid) these problems have been fixed in version 3.6.1-5.

Links:


http://www.debian.org/security/2005/dsa-626

If you have feedback, comments, or additional information about this vulnerability, please send us email.