SecurityTracker: LibTIFF Buffer Underflow in LZWDecodeCompat() Lets Remote Users Deny Service

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > LibTIFF

Vendors: libtiff.org

LibTIFF Buffer Underflow in LZWDecodeCompat() Lets Remote Users Deny Service

SecurityTracker Alert ID: 1022426

SecurityTracker URL: http://securitytracker.com/id/1022426

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jun 22 2009

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes

Description: A vulnerability was reported in LibTIFF. A remote user can cause denial of service conditions.

A remote user can create a specially crafted file that, when loaded by the target application, will trigger a buffer underflow in LZWDecodeCompat() and cause the application to crash.

The vulnerability resides in 'tif_lzw.c'.

Code execution was not confirmed in the report.

wololo reported this vulnerability.

Impact: A remote user can cause the target application to crash.

Solution: The vendor has issued a source code fix, available via CVS.

Vendor URL: www.libtiff.org/ (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (Any)

Message History: None.

Source Message Contents

Date: Mon, 22 Jun 2009 09:17:35 -0400
Subject: LibTIFF


> A crafted TIFF can crash libtiff in LZWDecodeCompat via underflow

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC