SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   LibTIFF Vendors:   libtiff.org
LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012651
SecurityTracker URL:  http://securitytracker.com/id/1012651
CVE Reference:   CVE-2004-1308   (Links to External Site)
Updated:  Dec 24 2004
Original Entry Date:  Dec 22 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.7.1
Description:   Some buffer overflow vulnerabilities were reported in LibTIFF. A remote user may be able to execute arbitrary code.

iDEFENSE reported that a remote user can create a specially crafted TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

A heap overflow can be triggered in the TIFFFetchStripThing() function in 'tif_dirread.c' when processing a TIFF file containing the STRIPOFFSETS flag. [Editor's note: This bug was independently corrected by the vendor in version 3.7.0.]

It is also reported that an overflow may occur in 'tif_dirread.c' when the TIFF file contains a TIFF_ASCII or TIFF_UNDEFINED directory entry.

The vendor was notified on December 17, 2004.

infamous41md[at]hotpop.com is credited with discovering the directory entry overflow flaw.

Impact:   A remote user can create a specially crafted TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.
Solution:   The vendor has issued a fixed version (3.7.1), available at:

ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.7.1.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.7.1.zip

Vendor URL:  www.libtiff.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 24 2004 (Debian Issues Fix) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
Debian has released a fix.
Dec 24 2004 (Fedora Issues Fix) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
Fedora has released a fix for Fedora Core 2.
Dec 24 2004 (Fedora Issues Fix for FC3) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
Fedora has released a fix for Fedora Core 3.
Jan 6 2005 (Gentoo Issues Fix) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
Gentoo has released a fix.
Jan 6 2005 (Mandrake Issues Fix for wxGTK2) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix for wxGTK2.
Jan 7 2005 (Mandrake Issues Fix) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix.
Jan 10 2005 (SuSE Issues Fix) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
SuSE has issued a fix.
Feb 15 2005 (Red Hat Issues Fix) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC