LibTIFF contains multiple heap-based buffer overflows that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). Multiple LibTIFF routines contain buffer overflow vulnerabilities including, but not necessarily limited to, the following functions:
These issues are the result of insufficient validation of user-supplied data. Consequently, a remote attacker may be able to exploit these vulnerabilities by supplying an application using LibTIFF with a specially crafted TIFF image.
Any program that uses the LibTIFF library may be affected by this issue. Users are encouraged to contact their vendors to determine if they are vulnerable.
Specific impacts depend on the application and LibTIFF routine being attacked. Potential consequences range from abrupt and abnormal program termination to the execution of arbitrary code with the privileges of the compromised program.
Apple Computer Inc. Affected
NEC Corporation Not Affected
Cray Inc. Unknown
EMC Corporation Unknown
F5 Networks Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
Ingrian Networks Unknown
Juniper Networks Unknown
MontaVista Software Unknown
Openwall GNU/*/Linux Unknown
Red Hat Inc. Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Sun Microsystems Inc. Unknown
Wind River Systems Inc. Unknown
This vulnerability was reported by Thierry Carrez and discovered by Chris Evans.
This document was written by Jeff Gennari based on information provided by Gentoo Linux Security Advisory GLSA 200410-11.
|Date First Published:||2004-12-01|
|Date Last Updated:||2005-03-17 16:01 UTC|