SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Multimedia)  >  LibTIFF Vendors:  libtiff.org
LibTIFF Integer Overflows Let Remote Users Crash the Application
SecurityTracker Alert ID:  1011674
SecurityTracker URL:  http://securitytracker.com/id?1011674
CVE Reference:  CAN-2004-0886   (Links to External Site)
Date:  Oct 14 2004
Impact:  Denial of service via network
Description:  Some vulnerabilities were reported in LibTIFF. A remote user can cause an application using LibTIFF to crash.

Red Hat reported that a remote user can create a specially crafted image file that, when loaded by the target user, will trigger an integer overflow and cause LibTIFF to crash.

Dimitry Levin is credited with reporting this flaw.
Impact:  A remote user can cause the target application to crash.
Solution:  No upstream solution was available at the time of this entry.

Red Hat will be issuing fixes in 3.5.5-17 (RHEL2.1) and 3.5.7-20.1 (RHEL3).
Vendor URL:  www.libtiff.org/ (Links to External Site)
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 15 2004 (Fedora Issues Fix for FC2) LibTIFF Integer Overflows Let Remote Users Crash the Application   (Matthias Clasen <mclasen@redhat.com>)
Fedora has released a fix for Fedora Core 2.
Oct 15 2004 (Debian Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
Oct 16 2004 (Trustix Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application   (Trustix Security Advisor <tsl@trustix.org>)
Trustix has released a fix.
Oct 20 2004 (Mandrake Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has issued a fix.
Oct 21 2004 (Mandrake Issues Fix for wxGTK2) LibTIFF Integer Overflows Let Remote Users Crash the Application   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix for GTK2, which includes libtiff.
Oct 23 2004 (Red Hat Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Oct 29 2004 (Fedroa Issues Fix for KDE on FC2) LibTIFF Integer Overflows Let Remote Users Crash the Application   (Than Ngo <than@redhat.com>)
Fedora has released a fix for kdegraphics on Fedora Core 2.
Nov 1 2004 (Slackware Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application   (Slackware Security Team <security@slackware.com>)
Slackware has released a fix.
Nov 8 2004 (Conectiva Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.
Dec 2 2004 (Apple Issues Fix for AppKit) LibTIFF Integer Overflows Let Remote Users Crash the Application
Apple has issued a fix for AppKit, which is affected by the libtiff vulnerability.
Dec 9 2004 (KDE Issues Fix for kfax) LibTIFF Integer Overflows Let Remote Users Crash the Application   (Dirk Mueller <mueller@kde.org>)
KDE issues fix for KDE kfax, which is affected by the LibTIFF vulnerability.
Dec 19 2004 (Gentoo Describes Workaround for KDE kfax) LibTIFF Integer Overflows Let Remote Users Crash the Application   (Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>)
Gentoo has described a workaround for KDE kfax.
Apr 14 2005 (Red Hat Issues Fix for KDE graphics) LibTIFF Integer Overflows Let Remote Users Crash the Application   (bugzilla@redhat.com)
Red Hat has released a fix for KDE graphics.


 Source Message Contents
Date:  Thu, 14 Oct 2004 01:42:38 -0400
Subject:  [none]

 
 
CVE: CAN-2004-0886
 
Red Hat reported that there are several integer overflows in LibTIFF.  A specially 
crafted image file could cause LibTIFF to crash.
 
Dimitry Levin is credited with reporting this flaw.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC