LibTIFF STRIPOFFSETS Flag TIFFFetchStripThing() Function Overflow

2004-12-21T10:03:35
ID OSVDB:12556
Type osvdb
Reporter infamous41md(infamous41md@hotpop.com)
Modified 2004-12-21T10:03:35

Description

Vulnerability Description

A local overflow exists in LibTIFF. The TIFFFetchStripThing() function fails to validate the nstrips variable resulting in a buffer overflow. With a specially crafted file, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 3.7.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in LibTIFF. The TIFFFetchStripThing() function fails to validate the nstrips variable resulting in a buffer overflow. With a specially crafted file, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.remotesensing.org/libtiff/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1012651 Secunia Advisory ID:13629 Secunia Advisory ID:13744 Secunia Advisory ID:13776 Secunia Advisory ID:13850 Secunia Advisory ID:15227 Secunia Advisory ID:13607 Secunia Advisory ID:13666 Secunia Advisory ID:13746 Secunia Advisory ID:13939 Secunia Advisory ID:14893 Related OSVDB ID: 12555 RedHat RHSA: RHSA-2005:019 Other Advisory URL: http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities Other Advisory URL: http://www.debian.org/security/2004/dsa-617 Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:002 Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:001 Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.19/SCOSA-2005.19.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0295.html CVE-2004-1307 Bugtraq ID: 13480