An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code.
LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). A lack of validation on user supplied input may allow buffer overflow to occur. TIFF files contain directory entry header fields to describe the data in the file. If a remote attacker creates a TIFF file with specially crafted directory headers and persuades a user to access that file, an integer overflow will occur that may eventually lead to a heap-based buffer overflow.
If a remote attacker can persuade a user to access a specially crafted TIFF image, that attacker may be able to execute arbitrary code with the privileges of that user.
Upgrade or Patch
This issue has been corrected in LibTIFF version 3.7.1. Obtain a patch or upgraded software from your vendor. Recompile statically linked applications.
Do Not Accept TIFF Files from Unknown or Untrusted Sources
Apple Computer Inc. Affected
Red Hat Inc. Affected
NEC Corporation Not Affected
NetBSD Not Affected
Cray Inc. Unknown
EMC Corporation Unknown
F5 Networks Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
Ingrian Networks Unknown
Juniper Networks Unknown
Microsoft Corporation Unknown
MontaVista Software Unknown
Openwall GNU/*/Linux Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Sun Microsystems Inc. Unknown
Wind River Systems Inc. Unknown
This vulnerability was reported by iDefense.
This document was written by Jeff Gennari.
|Date First Published:||2005-01-11|
|Date Last Updated:||2005-05-12 19:34 UTC|