Vulnerability Note VU#125598
LibTIFF vulnerable to integer overflow via corrupted directory entry count
Overview
An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code.
Description
LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). A lack of validation on user-supplied input may allow a buffer overflow to occur. TIFF files contain directory entry header fields that describe the data in the file. If a remote attacker creates a TIFF file with specially crafted directory headers and persuades a user to access that file, an integer overflow will occur that may eventually lead to a heap-based buffer overflow.
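The class of check whose absence is described above, as an added example that is not LibTIFF's code or its patch: it contrasts a 32-bit size computation that wraps with a validated one. The function names and the sample values are hypothetical; the field widths and the 32-bit count and offset fields follow the TIFF 6.0 directory entry layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Byte width of each TIFF 6.0 field type (index = type code, 0 = invalid). */
static const uint32_t tiff_type_width[] = {
    0, 1, 1, 2, 4, 8,    /* -, BYTE, ASCII, SHORT, LONG, RATIONAL */
    1, 1, 2, 4, 8, 4, 8  /* SBYTE, UNDEFINED, SSHORT, SLONG, SRATIONAL, FLOAT, DOUBLE */
};

/* Unchecked form: the product is computed in 32 bits and silently wraps. */
static uint32_t naive_entry_bytes(uint16_t type, uint32_t count)
{
    return count * tiff_type_width[type];
}

/*
 * Checked form for data stored at an offset in the file. Returns 0 and
 * stores the byte length in *out only if the type is known, count * width
 * cannot wrap, and [offset, offset + bytes) lies inside the file.
 */
static int checked_entry_bytes(uint16_t type, uint32_t count,
                               uint32_t offset, uint64_t file_size,
                               size_t *out)
{
    uint32_t width;
    uint64_t bytes;

    if (type == 0 || type >= sizeof tiff_type_width / sizeof tiff_type_width[0])
        return -1;                       /* unknown field type */
    width = tiff_type_width[type];
    if (count > UINT32_MAX / width)
        return -1;                       /* product would exceed 32 bits */
    bytes = (uint64_t)count * width;
    if (bytes > file_size || offset > file_size - bytes)
        return -1;                       /* claims more data than the file holds */
    *out = (size_t)bytes;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed sample: type LONG (4), count 0x40000001, 1 KiB file. */
    printf("naive:   %u bytes\n", (unsigned)naive_entry_bytes(4, 0x40000001u));
    printf("checked: %d\n", checked_entry_bytes(4, 0x40000001u, 8, 1024, &n));
    printf("valid:   %d (%zu bytes)\n", checked_entry_bytes(3, 16, 8, 1024, &n), n);
    return 0;
}
```

A buffer sized from the wrapped result is far smaller than the element count the parser goes on to copy, which is how the integer overflow becomes a heap overflow.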
Impact
If a remote attacker can persuade a user to access a specially crafted TIFF image, that attacker may be able to execute arbitrary code with the privileges of that user.
Solution
Upgrade or Patch
This issue has been corrected in LibTIFF version 3.7.1. Obtain a patch or upgraded software from your vendor. Recompile statically linked applications.
Do Not Accept TIFF Files from Unknown or Untrusted Sources
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer Inc. | Affected | 11 Jan 2005 | 05 May 2005 |
| Debian | Affected | 11 Jan 2005 | 11 Jan 2005 |
| FreeBSD | Affected | 11 Jan 2005 | 11 Jan 2005 |
| Red Hat Inc. | Affected | 11 Jan 2005 | 19 Jan 2005 |
| NEC Corporation | Not Affected | 11 Jan 2005 | 17 Mar 2005 |
| NetBSD | Not Affected | 11 Jan 2005 | 13 Jan 2005 |
| Connectiva | Unknown | 11 Jan 2005 | 11 Jan 2005 |
| Cray Inc. | Unknown | 11 Jan 2005 | 11 Jan 2005 |
| EMC Corporation | Unknown | 11 Jan 2005 | 11 Jan 2005 |
| Engarde | Unknown | 11 Jan 2005 | 11 Jan 2005 |
| F5 Networks | Unknown | 11 Jan 2005 | 11 Jan 2005 |
| Fujitsu | Unknown | 11 Jan 2005 | 11 Jan 2005 |
| Hewlett-Packard Company | Unknown | 11 Jan 2005 | 11 Jan 2005 |
| Hitachi | Unknown | 11 Jan 2005 | 11 Jan 2005 |
| IBM | Unknown | 11 Jan 2005 | 11 Jan 2005 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities
- http://secunia.com/advisories/13607/
Credit
This vulnerability was reported by iDefense.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: CAN-2004-1308
- Date Public: 21 Dec 2004
- Date First Published: 11 Jan 2005
- Date Last Updated: 12 May 2005
- Severity Metric: 7.75
- Document Revision: 71