Cloud Foundry Logo
blog single gear
Security Advisory

USN-2939-1 LibTIFF vulnerabilities

USN-2939-1 LibTIFF vulnerabilities

Severity

Low

Vendor

Ubuntu, LibTIFF

Versions Affected

  • Ubuntu 14.04

Description

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Affected Products and Versions

Severity is low unless otherwise noted.

  • All versions of Cloud Foundry rootfs prior to 1.48.0

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with rootfs version 1.48.0 and higher

Credit

None

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES