vulnerability bulletin CVE-2012-2088
libtiff 3: integer overflow via tile/strip
Synthesis of the vulnerability
An attacker can invite the victim to open a malicious TIFF image, in order to create a denial of service or to execute code in applications linked to libtiff version 3.Impacted products:
BES, Fedora, MBS, MES, Mandriva Linux, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
810551, 832864, BID-54270, BSRT-2013-003, CVE-2012-2088, FEDORA-2012-10081, FEDORA-2012-10089, KB33425, MDVSA-2012:101, MDVSA-2013:046, openSUSE-SU-2012:0829-1, RHSA-2012:1054-01, SUSE-SU-2012:0894-1, VIGILANCE-VUL-11738.
Description of the vulnerability
The libtiff library is used to process TIFF images.
The libtiff/tif_tile.c file of libtiff version 3 decodes images composed of tiles (rectangles). The tif_strip.c file decodes images composed of strips (lines).
Both files multiply two integers to allocate a memory area. However, this multiplication can overflow, and the memory area becomes to short to store data.
An attacker can therefore invite the victim to open a malicious TIFF image, in order to create a denial of service or to execute code in applications linked to libtiff version 3.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides application vulnerability patches
. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The technology watch team tracks security threats targeting the computer system.