An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code.
LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). An integer overflow in the TIFFFetchStripThing() routine in tif_dirread.c may allow an attacker to cause a heap-based buffer overflow. Because user-controlled data describing the size of a TIFF image is not validated, a remote attacker may be able to manipulate a call to malloc() so that it creates a buffer of insufficient size. When data is copied to this undersized buffer, a heap-based buffer overflow may occur.
Note that in order to exploit this vulnerability, an attacker must craft a TIFF image with the STRIPOFFSETS flag set.
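The size wraparound described above, shown as an added example beside a checked form; this is not LibTIFF's code. The function names, the 32-bit count and the uint32_t entry size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names: nstrips models a 32-bit entry count taken from the
 * file, and each table entry is a uint32_t. */

/* Unchecked pattern: the multiplication is done in 32 bits, so a large
 * count wraps and the size handed to malloc() is far too small. */
uint32_t unchecked_alloc_size(uint32_t nstrips)
{
    return nstrips * (uint32_t)sizeof(uint32_t);
}

/* Checked pattern: refuse any count whose byte size would not fit. */
int checked_alloc_size(uint32_t nstrips, size_t *bytes)
{
    if (nstrips == 0 || nstrips > UINT32_MAX / sizeof(uint32_t))
        return -1;
    *bytes = (size_t)nstrips * sizeof(uint32_t);
    return 0;
}

/* Copy nstrips entries out of a source holding src_count entries. The
 * count is validated against both the source and the size arithmetic
 * before any allocation or copy happens. Caller frees the result. */
uint32_t *copy_strip_table(const uint32_t *src, size_t src_count,
                           uint32_t nstrips)
{
    size_t bytes;
    uint32_t *dst;
    if (nstrips > src_count || checked_alloc_size(nstrips, &bytes) != 0)
        return NULL;
    dst = malloc(bytes);
    if (dst != NULL)
        memcpy(dst, src, bytes);
    return dst;
}

int main(void)
{
    uint32_t claimed = 0x40000001u; /* constructed sample count */
    size_t bytes;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_alloc_size(claimed));
    printf("checked: %s\n",
           checked_alloc_size(claimed, &bytes) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The checked form bounds the count before multiplying, and the copy routine also compares it with the number of entries actually available, so a declared count can never exceed the data that backs it.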
If a remote attacker can persuade a user to access a specially crafted TIFF image, that attacker may be able to execute arbitrary code with the privileges of that user.
Apple Computer Inc. Affected
Red Hat Inc. Affected
Sun Microsystems Inc. Affected
Cray Inc. Unknown
EMC Corporation Unknown
F5 Networks Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
Ingrian Networks Unknown
Juniper Networks Unknown
Microsoft Corporation Unknown
MontaVista Software Unknown
NEC Corporation Unknown
Openwall GNU/*/Linux Unknown
SCO Linux Unknown
SCO Unix Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Wind River Systems Inc. Unknown
This vulnerability was reported by iDefense Security. iDefense credits infamous41md with discovering this vulnerability.
This document was written by Jeff Gennari.
Date First Published: 2005-01-20
Date Last Updated: 2005-08-23 15:37 UTC