Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   KDE Vendors:
(KDE Issues Fix for kfax) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service
SecurityTracker Alert ID:  1012469
SecurityTracker URL:
CVE Reference:   CVE-2004-0804   (Links to External Site)
Date:  Dec 9 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.3.2
Description:   A vulnerability was reported in LibTIFF. A remote user can cause an application using LibTIFF to crash. KDE kfax is affected.

Debian reported that Matthias Clasen discovered a division by zero error through an integer overflow. The flaw resides in 'libtiff/tif_dirread.c'.

Impact:   A remote user can cause the target application to crash.
Solution:   KDE has issued a fix for KDE kfax, which is affected by the LibTIFF vulnerability. The fixed version of KDE (3.3.2) is available at:

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Oct 15 2004 LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service

 Source Message Contents

Subject:  KDE Security Advisory: kfax libtiff vulnerabilities

Hash: SHA1

KDE Security Advisory: kfax libtiff vulnerabilities
Original Release Date: 2004-12-09

0. References


1. Systems affected:

        All KDE releases earlier than KDE 3.3.2.

2. Overview:

        Chris Evans and others discovered multiple vulnerabilities
        in the libtiff library. The Common Vulnerabilities and
        Exposures project assigned CAN-2004-0803 to this issue.

        kfax, a small utility for displaying fax files, contains
        for historic reasons a private copy of libtiff. Therefore
        it is vulnerable to these issues as well.

        kfax and the kfax KPart are invoked by KMail or Konqueror
        for viewing .g3 files.

        For the active KDE maintenance branches, which are
        KDE 3.2.x and KDE 3.3.x, this problem has been solved by
        removing the private copy of libtiff. In KDE 3.2.x, kfax
        will use the tiff2ps and fax2tiff utilities at runtime as
        backend. In KDE 3.3.x the code requiring libtiff or any other
        runtime dependencies has been replaced by a native solution
        that is unaffected by the mentioned vulnerabilities.

        Due to the complexity of the change, no simple diff is
        provided. The problems have been addressed in the KDE 3.3.2

        As a workaround, you can remove the kfax binary and the KPart from your system to be on the safe

3. Impact:

        Specially crafted fax files can trigger buffer overflows
        in libtiff and execute arbitrary code. 

4. Solution:

        Source code updates have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.

5. Patch:

        No patches are being made available due to complexity of the change.

6. Time line and credits:

        13/10/2004 KDE Security Team alerted by Than Ngo
        28/10/2004 private libtiff fork removed from CVS, updated
                   packages finished.
        XX/11/2004 Regression fixing, several refinements.
        09/12/2004 Public announcement
Version: GnuPG v1.2.5 (GNU/Linux)



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC