SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   LibTIFF Vendors:   libtiff.org
LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011667
SecurityTracker URL:  http://securitytracker.com/id/1011667
CVE Reference:   CVE-2004-0803   (Links to External Site)
Updated:  Oct 14 2004
Original Entry Date:  Oct 14 2004
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 3.6.1
Description:   Some buffer overflow vulnerabilities were reported in LibTIFF. A remote user may be able to execute arbitrary code on the target user's system.

Gentoo reported that a remote user may be able to create a specially crafted image file that, when processed by the library, will execute arbitrary code with the privileges of the target user.

Chris Evans is credited with discovering these flaws.

The flaws reside in the RLE decoding routines in tif_next.c, tif_thunder.c, and potentially tif_luv.c.

Some demonstration exploit TIFFs are available at:

http://scary.beasts.org/misc/bad_next.tiff

http://scary.beasts.org/misc/bad_thunder.tiff

The original advisory is available at:

http://scary.beasts.org/security/CESA-2004-006.txt

Impact:   A remote user can create TIFF files that, when loaded by the target library, will execute arbitrary code.
Solution:   No upstream solution was available at the time of this entry.
Vendor URL:  www.libtiff.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 14 2004 (Gentoo Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Gentoo has released a fix.
Oct 15 2004 (Fedora Issues Fix for FC2) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Fedora has released a fix for Fedora Core 2.
Oct 15 2004 (Debian Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Debian has released a fix.
Oct 16 2004 (Trustix Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Trustix has released a fix.
Oct 20 2004 (Mandrake Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Mandrake has issued a fix.
Oct 21 2004 (Mandrake Issues Fix for wxGTK2) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix for GTK2, which includes libtiff.
Oct 23 2004 (Red Hat Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Oct 29 2004 (Fedroa Issues Fix for KDE on FC2) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Fedora has released a fix for kdegraphics on Fedora Core 2.
Nov 1 2004 (Slackware Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Slackware has released a fix.
Nov 8 2004 (Conectiva Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Conectiva has released a fix.
Dec 2 2004 (Apple Issues Fix for AppKit) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Apple has issued a fix for AppKit, which is affected by the libtiff vulnerability.
Dec 6 2004 (Gentoo Issues Fix for PDFlib) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Gentoo has released a fix for PDFlib.
Dec 9 2004 (KDE Issues Fix for kfax) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
KDE issues fix for KDE kfax, which is affected by the LibTIFF vulnerability.
Dec 19 2004 (Gentoo Describes Workaround for KDE kfax) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Gentoo has described a workaround for KDE kfax.
Apr 14 2005 (Red Hat Issues Fix for KDE graphics) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for KDE graphics.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC