CVE-2011-1167

Publication date 28 March 2011

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

Status

Package Ubuntu Release Status
tiff 10.10 maverick
Fixed 3.9.4-2ubuntu0.3
10.04 LTS lucid
Fixed 3.9.2-2ubuntu0.6
9.10 karmic
Fixed 3.8.2-13ubuntu0.6
8.04 LTS hardy
Fixed 3.8.2-7ubuntu3.9
6.06 LTS dapper
Fixed 3.7.4-1ubuntu3.11

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
tiff

References

Related Ubuntu Security Notices (USN)

Other references