SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Multimedia)  >   LibTIFF Vendors:   libtiff.org
LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011667
SecurityTracker URL:  http://securitytracker.com/id/1011667
CVE Reference:   CAN-2004-0803   (Links to External Site)
Updated:  Oct 14 2004
Original Entry Date:  Oct 14 2004
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 3.6.1
Description:   Some buffer overflow vulnerabilities were reported in LibTIFF. A remote user may be able to execute arbitrary code on the target user's system.

Gentoo reported that a remote user may be able to create a specially crafted image file that, when processed by the library, will execute arbitrary code with the privileges of the target user.

Chris Evans is credited with discovering these flaws.

The flaws reside in the RLE decoding routines in tif_next.c, tif_thunder.c, and potentially tif_luv.c.

Some demonstration exploit TIFFs are available at:

http://scary.beasts.org/misc/bad_next.tiff

http://scary.beasts.org/misc/bad_thunder.tiff

The original advisory is available at:

http://scary.beasts.org/security/CESA-2004-006.txt
Impact:   A remote user can create TIFF files that, when loaded by the target library, will execute arbitrary code.
Solution:   No upstream solution was available at the time of this entry.
Vendor URL:  www.libtiff.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 14 2004 (Gentoo Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix.
Oct 15 2004 (Fedora Issues Fix for FC2) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Matthias Clasen <mclasen@redhat.com>)
Fedora has released a fix for Fedora Core 2.
Oct 15 2004 (Debian Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
Oct 16 2004 (Trustix Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Trustix Security Advisor <tsl@trustix.org>)
Trustix has released a fix.
Oct 20 2004 (Mandrake Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has issued a fix.
Oct 21 2004 (Mandrake Issues Fix for wxGTK2) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix for GTK2, which includes libtiff.
Oct 23 2004 (Red Hat Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Oct 29 2004 (Fedroa Issues Fix for KDE on FC2) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Than Ngo <than@redhat.com>)
Fedora has released a fix for kdegraphics on Fedora Core 2.
Nov 1 2004 (Slackware Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Slackware Security Team <security@slackware.com>)
Slackware has released a fix.
Nov 8 2004 (Conectiva Issues Fix) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.
Dec 2 2004 (Apple Issues Fix for AppKit) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code
Apple has issued a fix for AppKit, which is affected by the libtiff vulnerability.
Dec 6 2004 (Gentoo Issues Fix for PDFlib) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Luke Macken <lewk@gentoo.org>)
Gentoo has released a fix for PDFlib.
Dec 9 2004 (KDE Issues Fix for kfax) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Dirk Mueller <mueller@kde.org>)
KDE issues fix for KDE kfax, which is affected by the LibTIFF vulnerability.
Dec 19 2004 (Gentoo Describes Workaround for KDE kfax) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>)
Gentoo has described a workaround for KDE kfax.
Apr 14 2005 (Red Hat Issues Fix for KDE graphics) LibTIFF Buffer Overflows May Let Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for KDE graphics.


 Source Message Contents
Date:  Wed, 13 Oct 2004 21:49:25 -0400
Subject:  [none]


CVE:  CAN-2004-0803

tiff: Buffer overflows in image decoding

Gentoo reported thatthere are several heap-based buffer overflows in the tiff library 
image decoding routines.  A remote user may be able to create a specially crafted
image file that, when processed by the library, will execute arbitrary code with
the privileges of the target user.

xv is also affected, as it links to the vulnerable tiff library.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC