LibTIFF Two Integer Overflow Vulnerabilities

Monday, December 27th, 2004
by Marc Erickson

Secunia Advisory: SA13607

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Patch

Software: LibTIFF 3.x

infamous41md has reported two vulnerabilities in LibTIFF, which can be exploited by malicious people to compromise a vulnerable system.

1) The vulnerability is caused due to an integer overflow in the “TIFFFetchStripThing()” function in “tif_dirread.c” when parsing TIFF files. This can be exploited via a specially crafted TIFF image file to execute arbitrary code via an application linked against the vulnerable library.

The vulnerability has been reported in version 3.6.1. Other versions may also be affected.

2) The vulnerability is caused due to an integer overflow in the “CheckMalloc()” function in “tif_dirread.c” and “tif_fax3.c” when handling data from a certain directory entry in the file header. This can be exploited via specially crafted TIFF image file to execute arbitrary code via an application linked against the vulnerable library.

The vulnerability has been reported in versions 3.5.7 and 3.7.0. Other versions may also be affected.

Solution: Update to version 3.7.1.

ftp://ftp.remotesensing.org/pub/libtiff/

Tags

Categories

Security

What Do You Think?

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense hard-earned information back to the community, stake a claim on your very own Lockergnome blog today! You can write about anything - no matter the topic. Sign-up to start blogging!

How-To, Linux - Aug 6, 2008

How To Configure Wireless Internet In Linux

Open LINA - Useful Open Source Program
Wednesday, August 6, 2008
gOS Announces gOS 3 Gadgets At LinuxWorld Expo
Wednesday, August 6, 2008
Java And Flash On Ubuntu Heron 64 bit Linux
Wednesday, May 21, 2008
Spandex Force Now Available For Linux
Monday, March 3, 2008
Kingston 8GB Class 4 Secure Digital High Capacity (SDHC) Memory Card
Monday, March 3, 2008

Download, Feedback - Mar 3, 2008

Interesting Links For Linux Users

Top 5 Tips For Configuring Hardware In Linux
Monday, March 3, 2008
NVIDIA 169.07 Linux Display Driver Released
Thursday, December 20, 2007
KOffice vs OOXML: Practical, Not Political
Wednesday, December 19, 2007
Dell Announces Ubuntu PCs with DVD Playback
Tuesday, December 18, 2007
How to Speed Up Linux
Monday, December 17, 2007

Open Source - Dec 6, 2007

How to Create a Custom Ubuntu LiveCD

Red Hat Launches Real Time Linux
Wednesday, December 5, 2007
Linux Kernel Developer Ted Ts’o Joins Linux Foundation as Chief Platform Strategist
Tuesday, December 4, 2007
5 Myths That Stymie Linux Growth
Monday, December 3, 2007
Using Gmail As The Default Email Client - Ubuntu
Thursday, November 29, 2007
Quick Tip - Getting Started With GIMP
Wednesday, November 28, 2007

Tip - Nov 27, 2007

Ubuntu Wired Networking Woes? Read This Closely

Dock Any Application To The System Tray
Monday, November 26, 2007
VPN With Linux Made Easy
Friday, November 23, 2007
Default Sound Card Not Sticking In Ubuntu!
Tuesday, November 20, 2007
Scanners Broken By A System Update
Monday, November 19, 2007
Top 5 Ways To Prevent A Damaged Ubuntu Installation
Sunday, November 18, 2007

57 queries / 0.285 seconds.