The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libtiff: buffer overflow via PixarLog

Synthesis of the vulnerability 

An attacker can invite the victim to open a malicious TIFF image with an application linked to libtiff, in order to create a denial of service or to execute code.
Vulnerable systems: BES, Debian, Fedora, Mandriva Linux, openSUSE, RHEL, Slackware, Unix (platform) ~ not comprehensive.
Severity of this threat: 2/4.
Creation date: 26/09/2012.
References of this weakness: 860198, BID-55673, BSRT-2013-003, CVE-2012-4447, DSA-2561-1, FEDORA-2012-20404, KB33425, MDVSA-2012:174, MDVSA-2013:046, openSUSE-SU-2013:0187-1, RHSA-2012:1590-01, SSA:2013-290-01, VIGILANCE-VUL-11978.

Description of the vulnerability 

The libtiff library is used to process TIFF images.

A TIFF image can be compressed using the PixarLog format, which stores integers on 11 bits.

The PixarLogSetupDecode() function of file libtiff/tif_pixarlog.c prepares the memory area used to store decoded data. However, the allocated buffer is too short, because the number of strides is ignored when its size is computed.

An attacker can therefore invite the victim to open a malicious TIFF image with an application linked to libtiff, in order to create a denial of service or to execute code.
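The sizing defect described above, modelled as an added C example (this is not libtiff's code; the struct, its field names and the decoder model are assumptions): the short computation sits beside a hardened one that reserves one extra stride, with overflow-checked arithmetic so an oversized image is rejected instead of wrapping the size.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed model of the PixarLog decode-buffer sizing described above.
 * Not libtiff's code: field names and the decoder model are assumptions. */
typedef struct {
    uint32_t width;             /* pixels per row */
    uint32_t rows_per_strip;
    uint32_t samples_per_pixel; /* e.g. 3 for RGB */
    uint32_t stride;            /* samples the decoder emits per step */
} pixarlog_strip;

/* Overflow-checked multiply: 0 signals overflow so the caller rejects the image. */
static size_t mul_checked(size_t a, size_t b) {
    if (a != 0 && b > SIZE_MAX / a) return 0;
    return a * b;
}

/* Overflow-checked add with the same convention. */
static size_t add_checked(size_t a, size_t b) {
    return (b > SIZE_MAX - a) ? 0 : a + b;
}

/* Short sizing: exactly the strip's sample count in 16-bit units. Any decode
 * step that starts inside the strip but runs past its end writes out of bounds. */
size_t tbuf_size_short(const pixarlog_strip *s) {
    size_t n = mul_checked(mul_checked(s->width, s->rows_per_strip), s->samples_per_pixel);
    return mul_checked(n, sizeof(uint16_t));
}

/* Hardened sizing: reserve one extra stride so a decode step that begins before
 * the end of the strip and runs past it still lands inside the buffer. */
size_t tbuf_size_safe(const pixarlog_strip *s) {
    size_t base = tbuf_size_short(s);
    if (base == 0 || s->stride == 0) return 0;
    return add_checked(base, mul_checked(s->stride, sizeof(uint16_t)));
}

/* Bytes a stride-at-a-time decoder may write: the sample count rounded up to
 * whole strides, plus one stride when the compressed input ends mid-stride. */
size_t bytes_decoder_may_write(const pixarlog_strip *s, int input_ends_mid_stride) {
    if (s->stride == 0) return SIZE_MAX;           /* invalid geometry: nothing fits */
    size_t n = (size_t)s->width * s->rows_per_strip * s->samples_per_pixel;
    size_t steps = (n + s->stride - 1) / s->stride + (input_ends_mid_stride ? 1 : 0);
    return steps * s->stride * sizeof(uint16_t);
}

/* 1 if the allocation covers everything the decoder may write, else 0. */
int buffer_fits(size_t tbuf_size, const pixarlog_strip *s, int input_ends_mid_stride) {
    return tbuf_size != 0 && tbuf_size >= bytes_decoder_may_write(s, input_ends_mid_stride);
}
```

For a 4x2 RGB strip with a stride of 3 the short sizing yields 48 bytes while a decode whose input ends mid-stride may touch 54, which the hardened sizing covers.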

This threat announcement impacts software or systems such as BES, Debian, Fedora, Mandriva Linux, openSUSE, RHEL, Slackware, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this cybersecurity alert is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with an expert ability can exploit this security alert.

Solutions for this threat 

BlackBerry Enterprise Server: version and workaround for libtiff.
The following version is corrected:
  BlackBerry Enterprise Server Express : 5.0.4 Interim security update
  BlackBerry Enterprise Server : 5.0.4 MR2
  http://www.blackberry.com/go/serverdownloads
A workaround is to filter the image processing.

Debian: new tiff packages.
New packages are available:
  tiff 3.9.4-5+squeeze6

Fedora: new libtiff packages.
New packages are available:
  libtiff-3.9.7-1.fc16
  libtiff-3.9.7-1.fc17

Mandriva Business Server: new libtiff packages.
New packages are available:
  libtiff-4.0.1-3.1.mbs1

Mandriva: new libtiff packages.
New packages are available:
  libtiff-3.9.5-1.4-mdv2011.0
  libtiff-3.8.2-12.9mdvmes5.2

openSUSE 11.4: new tiff packages.
New packages are available:
  tiff-3.9.4-34.1

RHEL: new libtiff packages.
New packages are available:
  RHEL 5 : libtiff-3.8.2-18
  RHEL 6 : libtiff-3.9.4-9

Slackware: new libtiff packages.
New packages are available:
  ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libtiff-3.9.7-i486-1_slack12.1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libtiff-3.9.7-i486-1_slack12.2.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libtiff-3.9.7-i486-1_slack13.0.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libtiff-3.9.7-x86_64-1_slack13.0.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libtiff-3.9.7-i486-1_slack13.1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libtiff-3.9.7-x86_64-1_slack13.1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libtiff-3.9.7-i486-1_slack13.37.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libtiff-3.9.7-x86_64-1_slack13.37.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libtiff-3.9.7-i486-1_slack14.0.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libtiff-3.9.7-x86_64-1_slack14.0.txz

Computer vulnerabilities tracking service 

Vigil@nce provides cybersecurity analysis. The technology watch team tracks security threats targeting the computer system.