
LibTIFF Two Integer Overflow Vulnerabilities


Secunia Advisory: SA13607

Critical: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Patch

Software: LibTIFF 3.x

infamous41md has reported two vulnerabilities in LibTIFF, which can be exploited by malicious people to compromise a vulnerable system.

1) The vulnerability is caused by an integer overflow in the “TIFFFetchStripThing()” function in “tif_dirread.c” when parsing TIFF files. This can be exploited via a specially crafted TIFF image file to execute arbitrary code via an application linked against the vulnerable library.

The vulnerability has been reported in version 3.6.1. Other versions may also be affected.

2) The vulnerability is caused by an integer overflow in the “CheckMalloc()” function in “tif_dirread.c” and “tif_fax3.c” when handling data from a certain directory entry in the file header. This can be exploited via a specially crafted TIFF image file to execute arbitrary code via an application linked against the vulnerable library.

The vulnerability has been reported in versions 3.5.7 and 3.7.0. Other versions may also be affected.
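The bug class behind both items, shown as an added example that is not LibTIFF's code and not part of the advisory: a size computed from a file-supplied count wraps in 32-bit arithmetic, next to a checked form that rejects it. The function names, the type-width table (classic TIFF field types 1 to 5) and the file-size bound are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Byte widths of TIFF field types 1..5 (BYTE, ASCII, SHORT, LONG,
 * RATIONAL); index 0 is unused. */
static const uint32_t tiff_type_width[] = { 0, 1, 1, 2, 4, 8 };

/* Unchecked 32-bit size computation: a large count from the file
 * wraps the product, so the buffer is far smaller than the data. */
uint32_t entry_bytes_unchecked(uint32_t count, uint16_t type)
{
    return count * tiff_type_width[type];
}

/* Checked form: returns 0 and stores the size, or -1 if the type is
 * unknown, the count is zero, or the product would exceed 32 bits. */
int entry_bytes_checked(uint32_t count, uint16_t type, uint32_t *out)
{
    if (type == 0 || type >= sizeof tiff_type_width / sizeof tiff_type_width[0])
        return -1;
    uint32_t width = tiff_type_width[type];
    if (count == 0 || count > UINT32_MAX / width)
        return -1;
    *out = count * width;
    return 0;
}

/* Hypothetical allocation wrapper: refuses sizes that overflow or
 * that claim more data than the file itself contains. */
void *alloc_entry_data(uint32_t count, uint16_t type, uint32_t file_size)
{
    uint32_t nbytes;
    if (entry_bytes_checked(count, type, &nbytes) != 0)
        return NULL;
    if (nbytes > file_size)
        return NULL;
    return malloc(nbytes);
}

int main(void)
{
    /* Constructed input: 0x40000001 LONG values (type 4) wrap to 4 bytes. */
    uint32_t count = 0x40000001u;
    printf("unchecked size: %u bytes\n", (unsigned)entry_bytes_unchecked(count, 4));
    printf("checked alloc:  %s\n",
           alloc_entry_data(count, 4, 4096) ? "allocated" : "rejected");
    return 0;
}
```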

Solution: Update to version 3.7.1.

ftp://ftp.remotesensing.org/pub/libtiff/
