CVE-2009-5022

Priority
Medium
Description
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF
before 3.9.5 allows remote attackers to execute arbitrary code via a
crafted TIFF file.
References
Bugs
Notes
mdeslaur> OJPEG is disabled on dapper, hardy and karmic
Package
Source: tiff (LP Ubuntu Debian)
Upstream: released (3.9.5)
Ubuntu 8.04 LTS (Hardy Heron): not-affected (code not compiled)
Ubuntu 10.04 LTS (Lucid Lynx): released (3.9.2-2ubuntu0.7)
Ubuntu 11.04 (Natty Narwhal): released (3.9.4-5ubuntu6)
More Information

Updated: 2012-06-01 15:20:31 UTC (commit 5347)