SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   LibTIFF Vendors:   libtiff.org
(Fedora Issues Fix) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012697
SecurityTracker URL:  http://securitytracker.com/id/1012697
CVE Reference:   CVE-2004-1308   (Links to External Site)
Date:  Dec 24 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.7.1
Description:   Some buffer overflow vulnerabilities were reported in LibTIFF. A remote user may be able to execute arbitrary code.

iDEFENSE reported that a remote user can create a specially crafted TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

A heap overflow can be triggered in the TIFFFetchStripThing() function in 'tif_dirread.c' when processing a TIFF file containing the STRIPOFFSETS flag. [Editor's note: This bug was independently corrected by the vendor in version 3.7.0.]

It is also reported that an overflow may occur in 'tif_dirread.c' when the TIFF file contains a TIFF_ASCII or TIFF_UNDEFINED directory entry.

The vendor was notified on December 17, 2004.

infamous41md[at]hotpop.com is credited with discovering the directory entry overflow flaw.

Impact:   A remote user can create a specially crafted TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

a61d7738295e33663bd559e950a0ffe2 SRPMS/libtiff-3.5.7-21.fc2.src.rpm
0d4d9585b0efe3c2d6b12e192fba710e x86_64/libtiff-3.5.7-21.fc2.x86_64.rpm
3029673d8774199d44b86eb282be19ad x86_64/libtiff-
devel-3.5.7-21.fc2.x86_64.rpm
ef55f622015d28d2a2904237c5990c60 x86_64/debug/libtiff-
debuginfo-3.5.7-21.fc2.x86_64.rpm
d07013ed7c80369f9ad3beb6f6bd2148 x86_64/libtiff-3.5.7-21.fc2.i386.rpm
d07013ed7c80369f9ad3beb6f6bd2148 i386/libtiff-3.5.7-21.fc2.i386.rpm
c981efcef0a232cc627dec188bca76c4 i386/libtiff-
devel-3.5.7-21.fc2.i386.rpm
9292074615b4a8cde6459aa8b19d7de1 i386/debug/libtiff-
debuginfo-3.5.7-21.fc2.i386.rpm

Vendor URL:  www.libtiff.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC2

Message History:   This archive entry is a follow-up to the message listed below.
Dec 22 2004 LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] Fedora Core 2 Update: libtiff-3.5.7-21.fc2


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-576
2004-12-22
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : libtiff
Version     : 3.5.7                      
Release     : 21.fc2                  
Summary     : A library of functions for manipulating TIFF format image
files.
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files.  TIFF is a widely
used file format for bitmapped images.  TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

---------------------------------------------------------------------
Update Information:

Fix several buffer overflow problems that could be used as an exploit.
Fixes the following security advisory: CAN-2004-1308

---------------------------------------------------------------------
* Wed Dec 22 2004 Matthias Clasen <mclasen@redhat.com>

- fix some integer and buffer overflows (#143506)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

a61d7738295e33663bd559e950a0ffe2  SRPMS/libtiff-3.5.7-21.fc2.src.rpm
0d4d9585b0efe3c2d6b12e192fba710e  x86_64/libtiff-3.5.7-21.fc2.x86_64.rpm
3029673d8774199d44b86eb282be19ad  x86_64/libtiff-
devel-3.5.7-21.fc2.x86_64.rpm
ef55f622015d28d2a2904237c5990c60  x86_64/debug/libtiff-
debuginfo-3.5.7-21.fc2.x86_64.rpm
d07013ed7c80369f9ad3beb6f6bd2148  x86_64/libtiff-3.5.7-21.fc2.i386.rpm
d07013ed7c80369f9ad3beb6f6bd2148  i386/libtiff-3.5.7-21.fc2.i386.rpm
c981efcef0a232cc627dec188bca76c4  i386/libtiff-
devel-3.5.7-21.fc2.i386.rpm
9292074615b4a8cde6459aa8b19d7de1  i386/debug/libtiff-
debuginfo-3.5.7-21.fc2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------



--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC