Ubuntu Security Notice USN-3212-4
7th August, 2017
A security issue affects these releases of Ubuntu and its
- Ubuntu 12.04 LTS
LibTIFF could be made to crash or run programs as your login if it
opened a specially crafted file.
– Tag Image File Format (TIFF) library
USN-3212-1 fixed several issues in LibTIFF. This update
provides a subset of the corresponding update for Ubuntu 12.04 ESM.
Mei Wang discovered multiple integer overflows in LibTIFF which
allow remote attackers to cause a denial of service (crash) or
execute arbitrary code via a crafted TIFF image, which triggers
an out-of-bounds write. (CVE-2016-3945)
It was discovered that LibTIFF is vulnerable to a heap buffer
overflow in the resulting in DoS or code execution
via a crafted BitsPerSample value. (CVE-2017-5225)
Original advisory details:
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
The problem can be corrected by updating your system to the following
To update your system, please follow these instructions:
In general, a standard system update will make all the necessary changes.