The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libtiff: memory corruption via tiff2pdf

Summary of the vulnerability

An attacker can trick the victim into opening a malicious TIFF image with tiff2pdf, in order to cause a denial of service or to execute code.
Impacted products: Debian, Fedora, Junos Space, LibTIFF, Mandriva Linux, openSUSE, Solaris, Trusted Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity of this bulletin: 2/4.
Creation date: 19/07/2012.
References for this threat: 837577, BID-54601, CERTA-2012-AVI-434, CVE-2012-3401, DSA-2552-1, FEDORA-2012-10978, FEDORA-2012-11000, JSA11023, MDVSA-2012:127, MDVSA-2013:046, openSUSE-SU-2012:0955-1, RHSA-2012:1590-01, SUSE-SU-2012:0919-1, VIGILANCE-VUL-11781.

Description of the vulnerability 

The tiff2pdf tool of the libtiff suite is used to convert a TIFF image to a PDF document.

A TIFF image contains one or more IFDs (Image File Directories), each of which holds specific parameters ("tags") for the image (BitsPerSample, ColorMap, etc.).

The t2p_read_tiff_init() function in the tools/tiff2pdf.c file reads the TIFF data. It calls the TIFFSetDirectory() function to move to the next IFD. If the IFD is malformed, TIFFSetDirectory() fails, but t2p_read_tiff_init() does not return an error, so the tiff2pdf program carries on and continues to write to memory.

An attacker can therefore trick the victim into opening a malicious TIFF image with tiff2pdf, in order to cause a denial of service or to execute code.
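The checked-return pattern that the description says was missing, as an added example (not libtiff code and not the upstream patch): a minimal walker for the IFD chain of a classic TIFF that reports a malformed directory as an error, with a caller that stops on that error. The names `tiff_count_ifds`, `SAMPLE_OK` and `SAMPLE_BAD`, the 1024-directory loop limit and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read an n-byte unsigned value in the file's byte order (le=1 for "II"). */
static uint32_t rd(const uint8_t *p, int n, int le) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (le ? i : n - 1 - i));
    return v;
}

/* Walk the IFD chain of a classic TIFF held in buf[0..len).
 * Returns the number of IFDs, or -1 if the header or any IFD is
 * malformed (truncated, empty, out of bounds, or a looping chain). */
int tiff_count_ifds(const uint8_t *buf, size_t len) {
    if (len < 8) return -1;
    int le = (buf[0] == 'I' && buf[1] == 'I');
    if (!le && !(buf[0] == 'M' && buf[1] == 'M')) return -1;
    if (rd(buf + 2, 2, le) != 42) return -1;      /* TIFF magic */

    size_t off = rd(buf + 4, 4, le);              /* first IFD offset */
    int count = 0;
    while (off != 0) {
        if (++count > 1024) return -1;            /* assumed limit: chain loops */
        if (off > len - 2) return -1;             /* entry count out of bounds */
        size_t n = rd(buf + off, 2, le);          /* number of 12-byte tags */
        if (n == 0 || n * 12 + 6 > len - off) return -1;
        off = rd(buf + off + 2 + n * 12, 4, le);  /* next IFD, 0 = last */
    }
    return count > 0 ? count : -1;
}

/* Constructed samples: a valid single-IFD file (one ImageWidth tag) and a
 * file whose IFD claims 0xFFFF entries with only 18 bytes remaining. */
const uint8_t SAMPLE_OK[26] = {
    'I','I',42,0, 8,0,0,0,  1,0,
    0x00,0x01, 3,0, 1,0,0,0, 1,0,0,0,  0,0,0,0 };
const uint8_t SAMPLE_BAD[26] = { 'I','I',42,0, 8,0,0,0, 0xFF,0xFF };

/* The caller propagates the failure instead of carrying on. */
int main(void) {
    if (tiff_count_ifds(SAMPLE_BAD, sizeof SAMPLE_BAD) < 0) {
        fprintf(stderr, "malformed IFD, aborting conversion\n");
        return 1;
    }
    return 0;
}
```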

This vulnerability note impacts software or systems such as Debian, Fedora, Junos Space, LibTIFF, Mandriva Linux, openSUSE, Solaris, Trusted Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this security bulletin is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

libtiff: version 4.0.3.
The version 4.0.3 is fixed:
  http://www.remotesensing.org/libtiff/

libtiff: version 3.9.7.
The version 3.9.7 is fixed:
  http://www.remotesensing.org/libtiff/

libtiff: patch for tiff2pdf.
A patch is available in the information sources.

Debian: new tiff packages (27/09/2012).
New packages are available:
  tiff 3.9.4-5+squeeze5

Fedora: new libtiff packages.
New packages are available:
  libtiff-3.9.6-2.fc16
  libtiff-3.9.6-2.fc17

Junos Space: version 20.1R1.
The version 20.1R1 is fixed:
  https://www.juniper.net/support/downloads/

Mandriva Business Server: new libtiff packages.
New packages are available:
  libtiff-4.0.1-3.1.mbs1

Mandriva: new libtiff packages.
New packages are available:
  libtiff-3.9.5-1.3-mdv2011.0
  libtiff-3.8.2-12.8mdvmes5.2

RHEL: new libtiff packages.
New packages are available:
  RHEL 5 : libtiff-3.8.2-18
  RHEL 6 : libtiff-3.9.4-9

Solaris 11: version 11/11 SRU 12.4.
The version 11/11 SRU 12.4 is available:
  https://support.oracle.com/rs?type=doc&id=1497909.1

Solaris 8, 9, 10: patch for libtiff.
A patch is available:
  Solaris 8 :
    Contact support.
  Solaris 9 :
    Contact support.
  Solaris 10 :
    SPARC: 119900-16
    X86: 119901-15

SUSE: new libtiff packages.
New packages are available:
  openSUSE 11.4 : libtiff-3.9.4-31.1
  openSUSE 12.1 : libtiff-3.9.5-8.10.1
  SUSE LE 10 : libtiff-3.8.2-5.30.5
  SUSE LE 11 : libtiff-3.8.2-141.148.1
