|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
libtiff: buffer overflow via PixarLog
Synthesis of the vulnerability
An attacker can invite the victim to open a malicious TIFF image with an application linked to libtiff, in order to create a denial of service or to execute code.
Vulnerable systems: BES, Debian, Fedora, Mandriva Linux, openSUSE, RHEL, Slackware, Unix (platform) ~ not comprehensive.
Severity of this threat: 2/4.
Consequences of a hack: user access/rights, denial of service on client.
Pirate's origin: document.
Creation date: 26/09/2012.
Références of this weakness: 860198, BID-55673, BSRT-2013-003, CVE-2012-4447, DSA-2561-1, FEDORA-2012-20404, KB33425, MDVSA-2012:174, MDVSA-2013:046, openSUSE-SU-2013:0187-1, RHSA-2012:1590-01, SSA:2013-290-01, VIGILANCE-VUL-11978.
Description of the vulnerability
The libtiff library is used to process TIFF images.
A TIFF image can be compacted using the PixarLog format, which stores integers on 11 bit.
The PixarLogSetupDecode() function of file libtiff/tif_pixarlog.c prepares the memory area to store data. However, a short buffer is allocated because the number of strides is ignored.
An attacker can therefore invite the victim to open a malicious TIFF image with an application linked to libtiff, in order to create a denial of service or to execute code.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides applications vulnerabilities alerts. The technology watch team tracks security threats targeting the computer system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.