US-CERT Vulnerability Notes Database

Vulnerability Note VU#125598

LibTIFF vulnerable to integer overflow via corrupted directory entry count

Overview

An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code.

I. Description

LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). A lack of validation of user-supplied input may allow a buffer overflow to occur. TIFF files contain directory entry header fields that describe the data in the file. If a remote attacker creates a TIFF file with specially crafted directory headers and persuades a user to access that file, an integer overflow will occur that may eventually lead to a heap-based buffer overflow.
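
The following is an added illustration of the bug class described above, not LibTIFF's code or its 3.7.1 fix. It assumes the overflow takes the form of a 32-bit size computation on a directory entry's count field; the entry layout follows TIFF 6.0, and all struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of one TIFF directory entry (fields per TIFF 6.0). */
struct dir_entry {
    uint16_t tag;
    uint16_t type;    /* 1=BYTE 2=ASCII 3=SHORT 4=LONG 5=RATIONAL */
    uint32_t count;   /* number of values, read straight from the file */
    uint32_t offset;  /* file offset of the values */
};

/* Width in bytes of one value of the given type, 0 if the type is unknown. */
static uint32_t type_width(uint16_t type)
{
    static const uint32_t width[] = { 0, 1, 1, 2, 4, 8 };
    return type < sizeof width / sizeof width[0] ? width[type] : 0;
}

/* Unchecked form: the 32-bit product wraps, so a huge count yields a
 * small size and the buffer allocated from it is too short. */
uint32_t unchecked_size(const struct dir_entry *e)
{
    return e->count * type_width(e->type);
}

/* Checked form: stores the size and returns 0, or returns -1 if the
 * entry must be rejected. file_len is the length of the whole file. */
int checked_size(const struct dir_entry *e, size_t file_len, size_t *out)
{
    uint32_t w = type_width(e->type);
    uint64_t bytes;

    if (w == 0)
        return -1;                    /* unknown value type */
    bytes = (uint64_t)e->count * w;   /* 32-bit count times at most 8: no wrap */
    if (e->offset > file_len || bytes > file_len - e->offset)
        return -1;                    /* values would lie outside the file */
    *out = (size_t)bytes;             /* fits: bytes <= file_len */
    return 0;
}
```

Bounding the computed size by the bytes actually present in the file rejects a corrupted count before any allocation or copy takes place.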

II. Impact

If a remote attacker can persuade a user to access a specially crafted TIFF image, that attacker may be able to execute arbitrary code with the privileges of that user.

III. Solution

Upgrade or Patch

This issue has been corrected in LibTIFF version 3.7.1. Obtain a patch or upgraded software from your vendor. Recompile statically linked applications.

Do Not Accept TIFF Files from Unknown or Untrusted Sources

Exploitation occurs by accessing a specially crafted TIFF file (typically .tiff or .tif extension). Accessing TIFF files only from trusted or known sources reduces the chances of exploitation.

Systems Affected

Vendor                     Status           Date Notified / Date Updated
Apple Computer Inc.        Vulnerable       5-May-2005
Connectiva                 Unknown          11-Jan-2005
Cray Inc.                  Unknown          11-Jan-2005
Debian                     Vulnerable       11-Jan-2005
EMC Corporation            Unknown          11-Jan-2005
Engarde                    Unknown          11-Jan-2005
F5 Networks                Unknown          11-Jan-2005
FreeBSD                    Vulnerable       11-Jan-2005
Fujitsu                    Unknown          11-Jan-2005
Hewlett-Packard Company    Unknown          11-Jan-2005
Hitachi                    Unknown          11-Jan-2005
IBM                        Unknown          11-Jan-2005
IBM-zSeries                Unknown          11-Jan-2005
IBM eServer                Unknown          13-Jan-2005
Immunix                    Unknown          11-Jan-2005
Ingrian Networks           Unknown          11-Jan-2005
Juniper Networks           Unknown          11-Jan-2005
MandrakeSoft               Unknown          11-Jan-2005
Microsoft Corporation      Unknown          11-Jan-2005
MontaVista Software        Unknown          11-Jan-2005
NEC Corporation            Not Vulnerable   17-Mar-2005
NetBSD                     Not Vulnerable   13-Jan-2005
Nokia                      Unknown          11-Jan-2005
Novell                     Unknown          11-Jan-2005
OpenBSD                    Unknown          11-Jan-2005
Openwall GNU/*/Linux       Unknown          11-Jan-2005
Red Hat Inc.               Vulnerable       19-Jan-2005
SCO-LINUX                  Unknown          11-Jan-2005
SCO-UNIX                   Unknown          11-Jan-2005
Sequent                    Unknown          11-Jan-2005
SGI                        Unknown          11-Jan-2005
Sony Corporation           Unknown          11-Jan-2005
Sun Microsystems Inc.      Unknown          11-Jan-2005
SuSE Inc.                  Unknown          11-Jan-2005
TurboLinux                 Unknown          11-Jan-2005
Unisys                     Unknown          11-Jan-2005
Wind River Systems Inc.    Unknown          11-Jan-2005

References


http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities
http://secunia.com/advisories/13607/

Credit

This vulnerability was reported by iDefense.

This document was written by Jeff Gennari.

Other Information

Date Public: 2004-12-21
Date First Published: 2005-01-11
Date Last Updated: 2005-05-12
CERT Advisory:
CVE-ID(s): CAN-2004-1308
NVD-ID(s): CAN-2004-1308
US-CERT Technical Alerts:
Metric: 7.75
Document Revision: 71

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Copyright 2005 Carnegie Mellon University