An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code.
LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). An integer overflow in the TIFFFetchStripThing() routine within the tif_dirread.c file may allow an attacker to cause a heap-based buffer overflow. A lack of input validation on user-controlled data concerning the size of an TIFF image may allow a remote attacker to manipulate a call to malloc() to create a buffer with insufficient size. When data is copied to this under-sized buffer, a heap-based buffer overflow may occur.
Note that in order to exploit this vulnerability, an attacker must craft a TIFF image with the STRIPOFFSETS flag set.
If a remote attacker can persuade a user to access a specially crafted TIFF image, that attacker may be able to execute arbitrary code with the privileges of that user.
This vulnerability was reported by iDefense Security.iDefense credits infamous41md with discovering this vulnerability.
This document was written by Jeff Gennari.
|Date First Published:||2005-05-04|
|Date Last Updated:||2005-08-23 15:37 UTC|