LibTIFF TiffFetchShortPair远程缓冲区溢出漏洞

2006-12-06T00:00:00
ID SSV:720
Type seebug
Reporter Root
Modified 2006-12-06T00:00:00

Description

Libtiff是一种TIFF规范的标准ANSI C实现库。 Libtiff包含的tif_dirread.c存在多个堆栈溢出,远程攻击者可以利用漏洞以应用进程权限执行任意命令。 TIFFFetchShortPair()用于从输入文件中读取两个无符号短整数,其通过CheckDirCount()进行边界检查,但对tdir_count数据缺少正确检查,可导致拒绝服务攻击,也可能以应用进程权限执行任意命令。

S.u.S.E. UnitedLinux 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 10 + Linux kernel 2.6.5 S.u.S.E. Linux Enterprise SDK 10 S.u.S.E. Linux Desktop 1.0 rPath rPath Linux 1 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2006.0 x86_64 MandrakeSoft Linux Mandrake 2006.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 LibTIFF LibTIFF 3.8.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.8.1 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.8 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.3 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.1 LibTIFF LibTIFF 3.7 + Slackware Linux 10.0 + Slackware Linux -current LibTIFF LibTIFF 3.6.1 + Gentoo Linux 1.4 + Gentoo Linux + OpenPKG OpenPKG Current + Turbolinux Turbolinux Server 10.0 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 LibTIFF LibTIFF 3.6 .0 LibTIFF LibTIFF 3.5.7 + RedHat Fedora Core2 + Slackware Linux 9.1 + Slackware Linux 9.0 + Slackware Linux 8.1 + Turbolinux Appliance Server Hosting Edition 1.0 + Turbolinux Appliance Server Workgroup Edition 1.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 8.0 LibTIFF LibTIFF 3.5.5 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 LibTIFF LibTIFF 3.5.4 LibTIFF LibTIFF 3.5.3 LibTIFF LibTIFF 3.5.2 LibTIFF LibTIFF 3.5.1 LibTIFF LibTIFF 3.4

<a href="http://www.libtiff.org/" target="_blank">http://www.libtiff.org/</a>