we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability bulletin CVE-2012-2088

libtiff 3: integer overflow via tile/strip

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious TIFF image, in order to create a denial of service or to execute code in applications linked to libtiff version 3.
Impacted products: BES, Fedora, MBS, MES, Mandriva Linux, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 2/4.
Creation date: 03/07/2012.
Identifiers: 810551, 832864, BID-54270, BSRT-2013-003, CVE-2012-2088, FEDORA-2012-10081, FEDORA-2012-10089, KB33425, MDVSA-2012:101, MDVSA-2013:046, openSUSE-SU-2012:0829-1, RHSA-2012:1054-01, SUSE-SU-2012:0894-1, VIGILANCE-VUL-11738.

Description of the vulnerability

The libtiff library is used to process TIFF images.

The libtiff/tif_tile.c file of libtiff version 3 decodes images composed of tiles (rectangles). The tif_strip.c file decodes images composed of strips (lines).

Both files multiply two integers to allocate a memory area. However, this multiplication can overflow, and the memory area becomes to short to store data.

An attacker can therefore invite the victim to open a malicious TIFF image, in order to create a denial of service or to execute code in applications linked to libtiff version 3.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides application vulnerability patches. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The technology watch team tracks security threats targeting the computer system.