
Tom Lane

[oCERT-2009-012] libtiff tools integer overflows

The rgb2ycbcr tool does not properly validate the width and height of the image.
Specific TIFF images with large width and height can be crafted to trigger the
vulnerability.

A patch has been made available by the maintainer and further improved by Tom
Lane of Red Hat.

Affected version:

libtiff <= 3.8.2, <= 3.9 (stable), <= 4.0 (development)


[USN-801-1] tiff vulnerability

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tielei Wang and Tom Lane discovered that the TIFF library did not correctly
handle certain malformed TIFF images. If a user or automated system were
tricked into processing a malicious image, an attacker could execute
arbitrary code with the privileges of the user invoking the program.



[SECURITY] [DSA 2051-1] New postgresql-8.3 packages fix several vulnerabilities

    code, which allows authenticated users the execution of arbitrary
    Perl code.

CVE-2010-1170

    Tom Lane discovered that the implementation of the procedural
    language PL/Tcl insufficiently restricts the subset of allowed
    code, which allows authenticated users the execution of arbitrary
    Tcl code.

CVE-2010-1975



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
