Vigil@nce: LibTIFF, code execution via LZW
August 2008 by Vigil@nce
An attacker can create a malicious TIFF image in order to execute
code on the computer of victims displaying this image with an
application linked to LibTIFF.
– Gravity: 2/4
– Consequences: user access/rights
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 27/08/2008
– Identifier: VIGILANCE-VUL-8062
IMPACTED PRODUCTS
- Debian Linux [confidential versions]
- Unix - plateform
DESCRIPTION
The LibTIFF library provides support for TIFF images (Tagged Image
File Format).
A TIFF image can optionally use the LZW (Lempel-Ziv-Welch)
compression algorithm. These images are decoded by the LZWDecode()
and LZWDecodeCompat() functions of tif_lzw.c file.
However, these functions do not correctly handle the CODE_CLEAR
value, which leads to a buffer underflow.
An attacker can therefore create a malicious TIFF image in order
to execute code on the computer of victims displaying this image
with an application linked to LibTIFF.
CHARACTERISTICS
– Identifiers: BID-30832, CVE-2008-2327, DSA 1632-1,
VIGILANCE-VUL-8062
– Url: https://vigilance.aql.fr/tree/1/8062