Package: libtiff-tools
Version: 3.7.4-1
Severity: important
Tags: security patch

Hi!

A buffer overflow has been discovered in tiff2pdf which can be used at least to crash tiff2pdf, and potentially to execute arbitrary code with user privileges (unverified).

This is the Ubuntu patch

  http://patches.ubuntu.com/patches/tiff.tiff2pdf-octal-printf.patch

which fixes the sprintf to use a char-sized number instead of an integer-sized one, so that e.g. -1 ends up as \377 instead of \37777777777, and the 5-byte buffer isn't overflowed. (Patch contains our changelog in the header).

Thanks,

Martin

--
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
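
The size mismatch described in the report above, as an added example that is not part of the original message and is not tiff2pdf's code: it measures how many bytes an octal escape needs when the byte is formatted as an int-sized value versus a char-sized one. The format string "\\%.3o", the function names and the sample bytes are assumptions made for illustration, and a 32-bit int is assumed.

```c
#include <stdio.h>
#include <string.h>

#define ESC_BUF 5 /* the 5-byte buffer from the report: '\' + 3 digits + NUL */

/* Int-sized conversion (hypothetical reconstruction of the unpatched
 * behaviour): a negative char is sign-extended to int and %o prints it as
 * an unsigned int. Written into a caller-supplied scratch buffer with
 * snprintf, so nothing is overflowed while measuring.
 * Returns the number of characters needed, excluding the NUL. */
int escape_len_int_sized(signed char c, char *out, size_t outsz)
{
    return snprintf(out, outsz, "\\%.3o", (unsigned int)c);
}

/* Char-sized conversion: the value is reduced to 0..255 before formatting,
 * so the escape is always exactly 4 characters. snprintf still bounds the
 * write to the destination size as a second line of defence. */
int escape_char_sized(signed char c, char out[ESC_BUF])
{
    return snprintf(out, ESC_BUF, "\\%.3o", (unsigned int)(unsigned char)c);
}

int main(void)
{
    char scratch[32], buf[ESC_BUF];
    signed char samples[] = { 'A', 0x7f, -1, -128 }; /* constructed input */

    for (size_t i = 0; i < sizeof samples; i++) {
        int wide = escape_len_int_sized(samples[i], scratch, sizeof scratch);
        int narrow = escape_char_sized(samples[i], buf);
        printf("%4d: int-sized %-13s needs %2d bytes, "
               "char-sized %s needs %d bytes (buffer is %d)\n",
               samples[i], scratch, wide + 1, buf, narrow + 1, ESC_BUF);
    }
    return 0;
}
```

Only bytes with the high bit set trigger the oversized output, which is why plain ASCII input never exposed the problem.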

