{"id":"USN-2553-2","summary":"tiff regression","details":"USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes\ncaused a regression when saving certain TIFF files with a Predictor tag.\nThe problematic patch has been temporarily backed out until a more complete\nfix is available.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n William Robinet discovered that LibTIFF incorrectly handled certain\n malformed images. If a user or automated system were tricked into opening a\n specially crafted image, a remote attacker could crash the application,\n leading to a denial of service, or possibly execute arbitrary code with\n user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129,\n CVE-2014-8130)\n \n Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain\n malformed BMP images. If a user or automated system were tricked into\n opening a specially crafted BMP image, a remote attacker could crash the\n application, leading to a denial of service. (CVE-2014-9330)\n \n Michal Zalewski discovered that LibTIFF incorrectly handled certain\n malformed images. If a user or automated system were tricked into opening a\n specially crafted image, a remote attacker could crash the application,\n leading to a denial of service, or possibly execute arbitrary code with\n user privileges. (CVE-2014-9655)\n","modified":"2026-04-22T09:09:29.422132Z","published":"2015-04-01T20:15:38Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2553-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1439186"}],"affected":[{"package":{"name":"tiff","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/tiff@4.0.3-7ubuntu0.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.3-7ubuntu0.3"}]}],"versions":["4.0.2-4ubuntu3","4.0.3-5ubuntu1","4.0.3-6","4.0.3-6ubuntu1","4.0.3-7","4.0.3-7ubuntu0.1","4.0.3-7ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_version":"4.0.3-7ubuntu0.3","binary_name":"libtiff-opengl"},{"binary_version":"4.0.3-7ubuntu0.3","binary_name":"libtiff-tools"},{"binary_version":"4.0.3-7ubuntu0.3","binary_name":"libtiff5"},{"binary_version":"4.0.3-7ubuntu0.3","binary_name":"libtiffxx5"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2553-2.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.5"}