The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libtiff: integer overflow of tiff2pdf

Synthesis of the vulnerability 

An attacker can invite the victim to open a malicious TIFF image with tiff2pdf, in order to create a denial of service or to execute code.
Vulnerable software: Debian, Fedora, Junos Space, LibTIFF, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity of this announce: 2/4.
Creation date: 20/06/2012.
Références of this computer vulnerability: BID-54076, CERTA-2012-AVI-343, CVE-2012-2113, DSA-2552-1, FEDORA-2012-10081, FEDORA-2012-10089, JSA11023, MDVSA-2012:101, MDVSA-2013:046, openSUSE-SU-2012:0829-1, RHSA-2012:1054-01, SSA:2013-290-01, SUSE-SU-2012:0894-1, VIGILANCE-VUL-11725.

Description of the vulnerability 

The tiff2pdf tool of the libtiff suite is used to convert a TIFF image to a PDF document.

The t2p_read_tiff_size() function of the tools/tiff2pdf.c file reads the size of the TIFF image. This function computes several multiplications and additions. However, these operations can overflow, and lead to the allocation of a short memory area.

An attacker can therefore invite the victim to open a malicious TIFF image with tiff2pdf, in order to create a denial of service or to execute code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security weakness impacts software or systems such as Debian, Fedora, Junos Space, LibTIFF, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this threat bulletin is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this threat.

Solutions for this threat 

libtiff: version 4.0.2.
The version 4.0.2 is corrected:
  ftp://ftp.remotesensing.org/pub/libtiff

libtiff: version 3.9.7.
The version 3.9.7 is fixed:
  http://www.remotesensing.org/libtiff/

libtiff: patch for tiff2pdf.
A patch is available in information sources.

Debian: new tiff packages (27/09/2012).
New packages are available:
  tiff 3.9.4-5+squeeze5

Fedora: new libtiff packages.
New packages are available:
  libtiff-3.9.6-1.fc16
  libtiff-3.9.6-1.fc17

Junos Space: version 20.1R1.
The version 20.1R1 is fixed:
  https://www.juniper.net/support/downloads/

Mandriva Business Server: new libtiff packages.
New packages are available:
  libtiff-4.0.1-3.1.mbs1

Mandriva: new libtiff packages.
New packages are available:
  libtiff-3.9.2-2.7mdv2010.2
  libtiff-3.9.5-1.2-mdv2011.0
  libtiff-3.8.2-12.7mdvmes5.2

RHEL: new libtiff packages.
New packages are available:
  libtiff-3.8.2-15.el5_8
  libtiff-3.9.4-6.el6_3

Slackware: new libtiff packages.
New packages are available:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libtiff-3.9.7-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libtiff-3.9.7-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libtiff-3.9.7-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libtiff-3.9.7-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libtiff-3.9.7-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libtiff-3.9.7-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libtiff-3.9.7-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libtiff-3.9.7-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libtiff-3.9.7-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libtiff-3.9.7-x86_64-1_slack14.0.txz

Solaris 10: patch for libtiff.
A patch is available:
  SPARC: 119900-15
  X86: 119901-14

Solaris 11: patch 11/11 SRU 10.5.
A patch is available:
  https://support.oracle.com/CSP/main/article?type=NOT&id=1484475.1

SUSE: new tiff packages.
New packages are available:
  openSUSE 11.4 : libtiff-3.9.4-28.1
  openSUSE 12.1 : libtiff-3.9.5-8.7.1
  SUSE LE 10 : libtiff-3.8.2-5.28.1
  SUSE LE 11 : libtiff-3.8.2-141.146.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a network vulnerability note. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.