The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libtiff 3: integer overflow via tile/strip

Synthesis of the vulnerability 

An attacker can invite the victim to open a malicious TIFF image, in order to create a denial of service or to execute code in applications linked to libtiff version 3.
Vulnerable systems: BES, Fedora, Junos Space, LibTIFF, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity of this threat: 2/4.
Creation date: 03/07/2012.
Références of this weakness: 810551, 832864, BID-54270, BSRT-2013-003, CVE-2012-2088, FEDORA-2012-10081, FEDORA-2012-10089, JSA11023, KB33425, MDVSA-2012:101, MDVSA-2013:046, openSUSE-SU-2012:0829-1, RHSA-2012:1054-01, SSA:2013-290-01, SUSE-SU-2012:0894-1, VIGILANCE-VUL-11738.

Description of the vulnerability 

The libtiff library is used to process TIFF images.

The libtiff/tif_tile.c file of libtiff version 3 decodes images composed of tiles (rectangles). The tif_strip.c file decodes images composed of strips (lines).

Both files multiply two integers to allocate a memory area. However, this multiplication can overflow, and the memory area becomes to short to store data.

An attacker can therefore invite the victim to open a malicious TIFF image, in order to create a denial of service or to execute code in applications linked to libtiff version 3.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability announce impacts software or systems such as BES, Fedora, Junos Space, LibTIFF, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this cybersecurity bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this threat alert.

Solutions for this threat 

libtiff: version 3.9.7.
The version 3.9.7 is fixed:
  http://www.remotesensing.org/libtiff/

libtiff 3: patch for tile/strip.
A patch is available in information sources.

BlackBerry Enterprise Server: version et workaround for libtiff.
The following version is corrected:
  BlackBerry Enterprise Server Express : 5.0.4 Interim security update
  BlackBerry Enterprise Server : 5.0.4 MR2
  http://www.blackberry.com/go/serverdownloads
A workaround is to filter the image processing.

Fedora: new libtiff packages.
New packages are available:
  libtiff-3.9.6-1.fc16
  libtiff-3.9.6-1.fc17

Junos Space: version 20.1R1.
The version 20.1R1 is fixed:
  https://www.juniper.net/support/downloads/

Mandriva Business Server: new libtiff packages.
New packages are available:
  libtiff-4.0.1-3.1.mbs1

Mandriva: new libtiff packages.
New packages are available:
  libtiff-3.9.2-2.7mdv2010.2
  libtiff-3.9.5-1.2-mdv2011.0
  libtiff-3.8.2-12.7mdvmes5.2

RHEL: new libtiff packages.
New packages are available:
  libtiff-3.8.2-15.el5_8
  libtiff-3.9.4-6.el6_3

Slackware: new libtiff packages.
New packages are available:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libtiff-3.9.7-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libtiff-3.9.7-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libtiff-3.9.7-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libtiff-3.9.7-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libtiff-3.9.7-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libtiff-3.9.7-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libtiff-3.9.7-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libtiff-3.9.7-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libtiff-3.9.7-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libtiff-3.9.7-x86_64-1_slack14.0.txz

Solaris 10: patch for libtiff.
A patch is available:
  SPARC: 119900-15
  X86: 119901-14

Solaris 11: patch 11/11 SRU 10.5.
A patch is available:
  https://support.oracle.com/CSP/main/article?type=NOT&id=1484475.1

SUSE: new tiff packages.
New packages are available:
  openSUSE 11.4 : libtiff-3.9.4-28.1
  openSUSE 12.1 : libtiff-3.9.5-8.7.1
  SUSE LE 10 : libtiff-3.8.2-5.28.1
  SUSE LE 11 : libtiff-3.8.2-141.146.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities bulletin. The Vigil@nce vulnerability database contains several thousand vulnerabilities.