SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   LibTIFF Vendors:   libtiff.org
(Fedora Issues Fix for FC3) LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012698
SecurityTracker URL:  http://securitytracker.com/id/1012698
CVE Reference:   CVE-2004-1308   (Links to External Site)
Date:  Dec 24 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.7.1
Description:   Some buffer overflow vulnerabilities were reported in LibTIFF. A remote user may be able to execute arbitrary code.

iDEFENSE reported that a remote user can create a specially crafted TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

A heap overflow can be triggered in the TIFFFetchStripThing() function in 'tif_dirread.c' when processing a TIFF file containing the STRIPOFFSETS flag. [Editor's note: This bug was independently corrected by the vendor in version 3.7.0.]

It is also reported that an overflow may occur in 'tif_dirread.c' when the TIFF file contains a TIFF_ASCII or TIFF_UNDEFINED directory entry.

The vendor was notified on December 17, 2004.

infamous41md[at]hotpop.com is credited with discovering the directory entry overflow flaw.

Impact:   A remote user can create a specially crafted TIFF file that, when loaded by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

0370e65c66788b4476863b29d697247e SRPMS/libtiff-3.6.1-8.fc3.src.rpm
2475b693e8188e003a54e94fca748031 x86_64/libtiff-3.6.1-8.fc3.x86_64.rpm
ba0f1e89001372552094f55dfe05fa66 x86_64/libtiff-
devel-3.6.1-8.fc3.x86_64.rpm
43f170c08e8a6c1c53083d98469d5428 x86_64/debug/libtiff-
debuginfo-3.6.1-8.fc3.x86_64.rpm
eca9284e795fcfe8e43f7fe7c15f8ee4 x86_64/libtiff-3.6.1-8.fc3.i386.rpm
eca9284e795fcfe8e43f7fe7c15f8ee4 i386/libtiff-3.6.1-8.fc3.i386.rpm
59492e392e5b0bd9e66ca8ee82627967 i386/libtiff-
devel-3.6.1-8.fc3.i386.rpm
58ff2cbc072afc35eea2efc2bac42ea4 i386/debug/libtiff-
debuginfo-3.6.1-8.fc3.i386.rpm

Vendor URL:  www.libtiff.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC3

Message History:   This archive entry is a follow-up to the message listed below.
Dec 22 2004 LibTIFF Overflows in TIFFFetchStripThing() and in Processing Directory Entries May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] Fedora Core 3 Update: libtiff-3.6.1-8.fc3


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-577
2004-12-22
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : libtiff
Version     : 3.6.1                      
Release     : 8.fc3                  
Summary     : A library of functions for manipulating TIFF format image
files.
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files.  TIFF is a widely
used file format for bitmapped images.  TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

---------------------------------------------------------------------
Update Information:

Fix several buffer overflow problems that could be used as an exploit.
Fixes the following security advisory: CAN-2004-1308

---------------------------------------------------------------------
* Wed Dec 22 2004 Matthias Clasen <mclasen@redhat.com>

- fix some integer and buffer overflows (#143506)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

0370e65c66788b4476863b29d697247e  SRPMS/libtiff-3.6.1-8.fc3.src.rpm
2475b693e8188e003a54e94fca748031  x86_64/libtiff-3.6.1-8.fc3.x86_64.rpm
ba0f1e89001372552094f55dfe05fa66  x86_64/libtiff-
devel-3.6.1-8.fc3.x86_64.rpm
43f170c08e8a6c1c53083d98469d5428  x86_64/debug/libtiff-
debuginfo-3.6.1-8.fc3.x86_64.rpm
eca9284e795fcfe8e43f7fe7c15f8ee4  x86_64/libtiff-3.6.1-8.fc3.i386.rpm
eca9284e795fcfe8e43f7fe7c15f8ee4  i386/libtiff-3.6.1-8.fc3.i386.rpm
59492e392e5b0bd9e66ca8ee82627967  i386/libtiff-
devel-3.6.1-8.fc3.i386.rpm
58ff2cbc072afc35eea2efc2bac42ea4  i386/debug/libtiff-
debuginfo-3.6.1-8.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------



--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC