SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   LibTIFF Vendors:   libtiff.org
LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service
SecurityTracker Alert ID:  1031442
SecurityTracker URL:  http://securitytracker.com/id/1031442
CVE Reference:   CVE-2014-9330   (Links to External Site)
Date:  Dec 24 2014
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.0.3; possibly prior versions
Description:   A vulnerability was reported in LibTIFF. A remote user can cause denial of service conditions.

A remote user can send a specially crafted BMP image that, when processed by the library, will trigger an integer overflow in bmp2tiff and cause the target application to crash.

Paris Zoumpouloglou of Project Zero labs reported this vulnerability.

Impact:   A remote user can cause the target application to crash.
Solution:   The vendor has issued a source code fix.
Vendor URL:  www.libtiff.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 2 2016 (Red Hat Issues Fix) LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Aug 2 2016 (CentOS Issues Fix) LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service
CentOS has issued a fix for CentOS 6.
Aug 2 2016 (Oracle Issues Fix for Oracle Linux) LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 6.
Aug 2 2016 (Oracle Issues Fix for Oracle Linux) LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 7.



 Source Message Contents

Subject:  [FD] CVE-2014-9330: Libtiff integer overflow in bmp2tiff

----------
Background
----------

Libtiff provides support for the Tag Image File Format (TIFF), a widely 
used format for storing image data.

----------------
Software Version
----------------

All tests were performed using libtiff 4.0.3

-----------
Description
-----------

Fuzzing bmp2tiff, using the afl-fuzzer, revealed an integer overflow 
issue related to the dimensions of the input BMP image. The issue 
resulted in an out-of-bounds memory read which causes the application to 
crash. Details can be found at 
http://bugzilla.maptools.org/show_bug.cgi?id=2494.

--------
Timeline
--------

2014-12-09 Discovery reported to libtiff bug tracker
2014-12-21 Issue was fixed
2014-12-22 Public Disclosure

-------
Credits
-------

Reported by Paris Zoumpouloglou of Project Zero labs

-- 
Project Zero Labs

@projectzerolabs
https://www.projectzero.gr

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC