The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libtiff: integer overflow of FAX3

Synthesis of the vulnerability 

An attacker can invite the victim to open a malicious compressed TIFF image in format FAX3, in order to execute code in applications linked to libtiff.
Impacted software: Debian, Fedora, LibTIFF, Mandriva Linux, openSUSE, RHEL, Slackware, SLES.
Severity of this computer vulnerability: 2/4.
Creation date: 14/06/2010.
Références of this announce: BID-40823, CERTA-2002-AVI-279, CERTA-2010-AVI-262, CVE-2010-1411, DSA-2084-1, FEDORA-2010-10333, FEDORA-2010-10334, FEDORA-2010-10359, FEDORA-2010-10460, FEDORA-2010-10469, MDVSA-2010:145, MDVSA-2010:146, RHSA-2010:0519-01, RHSA-2010:0520-01, SSA:2010-180-02, SUSE-SR:2010:014, VIGILANCE-VUL-9706.

Description of the vulnerability 

The libtiff library is used to manage TIFF images.

The CCITT FAX3 compression algorithm can be applied on black and white TIFF images. The libtiff/tif_fax3.c file manages these images.

The Fax3SetupState() function of the tif_fax3.c file incorrectly computes sizes of memory areas to allocate. This integer overflow corrupts the memory.

An attacker can therefore invite the victim to open a malicious compressed TIFF image in format FAX3, in order to execute code in applications linked to libtiff.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security announce impacts software or systems such as Debian, Fedora, LibTIFF, Mandriva Linux, openSUSE, RHEL, Slackware, SLES.

Our Vigil@nce team determined that the severity of this threat is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this computer vulnerability announce.

Solutions for this threat 

libtiff: version 3.9.3.
Version 3.9.3 is corrected:
  http://www.remotesensing.org/libtiff/

libtiff: patch for FAX3.
A patch is available in information sources.

Debian: new tiff packages.
New packages are available:
  http://security.debian.org/pool/updates/main/t/tiff/*_3.8.2-11.3_*.deb

Fedora 11: new libtiff packages.
New packages are available:
  libtiff-3.8.2-15.fc11

Fedora: new libtiff packages (06/07/2010).
New packages are available:
  libtiff-3.9.4-1.fc12
  libtiff-3.9.4-1.fc13

Fedora: new mingw32-libtiff packages.
New packages are available:
  mingw32-libtiff-3.9.4-1.fc12
  mingw32-libtiff-3.9.4-1.fc13

Mandriva: new libtiff packages (09/08/2010).
New packages are available:
  Mandriva Linux 2008.0: libtiff-3.8.2-8.3mdv2008.0
  Mandriva Linux 2009.0: libtiff-3.8.2-12.3mdv2009.0
  Mandriva Linux 2009.1: libtiff-3.8.2-13.2mdv2009.1
  Mandriva Linux 2010.0: libtiff-3.9.1-4.1mdv2010.0
  Mandriva Linux 2010.1: libtiff-3.9.2-2.1mdv2010.1
  Corporate 4.0: libtiff-3.6.1-12.9.20060mlcs4
  Mandriva Enterprise Server 5: libtiff-3.8.2-12.3mdvmes5.1

RHEL 3: new libtiff packages.
New packages are available:
Red Hat Enterprise Linux version 3:
  libtiff-3.5.7-34.el3

RHEL 4, 5: new libtiff packages.
New packages are available:
Red Hat Enterprise Linux version 4:
  libtiff-3.6.1-12.el4_8.5
Red Hat Enterprise Linux version 5:
  libtiff-3.8.2-7.el5_5.5

Slackware: new libtiff packages.
New packages are available:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/libtiff-3.8.2-i386-2_slack9.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/libtiff-3.8.2-i486-2_slack9.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/libtiff-3.8.2-i486-2_slack10.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/libtiff-3.8.2-i486-2_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/libtiff-3.8.2-i486-2_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/libtiff-3.8.2-i486-3_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/libtiff-3.8.2-i486-4_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libtiff-3.8.2-i486-4_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libtiff-3.8.2-i486-4_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libtiff-3.8.2-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libtiff-3.8.2-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libtiff-3.9.4-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libtiff-3.9.4-x86_64-1_slack13.1.txz

SUSE: new packages (02/08/2010).
New packages are available, as indicated in information sources.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerabilities analysis. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.