Vulnerability Note VU#125598

LibTIFF vulnerable to integer overflow via corrupted directory entry count

Original Release date: 11 Jan 2005 | Last revised: 12 May 2005

Overview

An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code.

Description

LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). A lack of validation on user supplied input may allow buffer overflow to occur. TIFF files contain directory entry header fields to describe the data in the file. If a remote attacker creates a TIFF file with specially crafted directory headers and persuades a user to access that file, an integer overflow will occur that may eventually lead to a heap-based buffer overflow.

Impact

If a remote attacker can persuade a user to access a specially crafted TIFF image, that attacker may be able to execute arbitrary code with the privileges of that user.

Solution

Upgrade or Patch

This issue has been corrected in LibTIFF version 3.7.1. Obtain a patch or upgraded software from your vendor. Recompile statically linked applications.

Do Not Accept TIFF Files from Unknown or Untrusted Sources


Exploitation occurs by accessing a specially crafted TIFF file (typically .tiff or .tif extension). By only accessing TIFF files from trusted or known sources, the chances of exploitation are reduced.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Affected11 Jan 200505 May 2005
DebianAffected11 Jan 200511 Jan 2005
FreeBSDAffected11 Jan 200511 Jan 2005
Red Hat Inc.Affected11 Jan 200519 Jan 2005
NEC CorporationNot Affected11 Jan 200517 Mar 2005
NetBSDNot Affected11 Jan 200513 Jan 2005
ConnectivaUnknown11 Jan 200511 Jan 2005
Cray Inc.Unknown11 Jan 200511 Jan 2005
EMC CorporationUnknown11 Jan 200511 Jan 2005
EngardeUnknown11 Jan 200511 Jan 2005
F5 NetworksUnknown11 Jan 200511 Jan 2005
FujitsuUnknown11 Jan 200511 Jan 2005
Hewlett-Packard CompanyUnknown11 Jan 200511 Jan 2005
HitachiUnknown11 Jan 200511 Jan 2005
IBMUnknown11 Jan 200511 Jan 2005
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by iDefense.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CAN-2004-1308
  • Date Public: 21 Dec 2004
  • Date First Published: 11 Jan 2005
  • Date Last Updated: 12 May 2005
  • Severity Metric: 7.75
  • Document Revision: 71

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.