Vulnerability Note VU#125598
LibTIFF vulnerable to integer overflow via corrupted directory entry count
An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code.
LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). A lack of validation on user supplied input may allow buffer overflow to occur. TIFF files contain directory entry header fields to describe the data in the file. If a remote attacker creates a TIFF file with specially crafted directory headers and persuades a user to access that file, an integer overflow will occur that may eventually lead to a heap-based buffer overflow.
If a remote attacker can persuade a user to access a specially crafted TIFF image, that attacker may be able to execute arbitrary code with the privileges of that user.
Upgrade or Patch
This issue has been corrected in LibTIFF version 3.7.1. Obtain a patch or upgraded software from your vendor. Recompile statically linked applications.
Do Not Accept TIFF Files from Unknown or Untrusted Sources
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer Inc.||Affected||11 Jan 2005||05 May 2005|
|Debian||Affected||11 Jan 2005||11 Jan 2005|
|FreeBSD||Affected||11 Jan 2005||11 Jan 2005|
|Red Hat Inc.||Affected||11 Jan 2005||19 Jan 2005|
|NEC Corporation||Not Affected||11 Jan 2005||17 Mar 2005|
|NetBSD||Not Affected||11 Jan 2005||13 Jan 2005|
|Connectiva||Unknown||11 Jan 2005||11 Jan 2005|
|Cray Inc.||Unknown||11 Jan 2005||11 Jan 2005|
|EMC Corporation||Unknown||11 Jan 2005||11 Jan 2005|
|Engarde||Unknown||11 Jan 2005||11 Jan 2005|
|F5 Networks||Unknown||11 Jan 2005||11 Jan 2005|
|Fujitsu||Unknown||11 Jan 2005||11 Jan 2005|
|Hewlett-Packard Company||Unknown||11 Jan 2005||11 Jan 2005|
|Hitachi||Unknown||11 Jan 2005||11 Jan 2005|
|IBM||Unknown||11 Jan 2005||11 Jan 2005|
CVSS Metrics (Learn More)
This vulnerability was reported by iDefense.
This document was written by Jeff Gennari.
- CVE IDs: CAN-2004-1308
- Date Public: 21 Dec 2004
- Date First Published: 11 Jan 2005
- Date Last Updated: 12 May 2005
- Severity Metric: 7.75
- Document Revision: 71
If you have feedback, comments, or additional information about this vulnerability, please send us email.