Vigil@nce: libtiff 3, integer overflow via tile/strip
July 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious TIFF image,
in order to create a denial of service or to execute code in
applications linked to libtiff version 3.
– Severity: 2/4
– Creation date: 03/07/2012
IMPACTED PRODUCTS
– Fedora
– Mandriva Enterprise Server
– Mandriva Linux
– openSUSE
– Red Hat Enterprise Linux
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The libtiff library is used to process TIFF images.
The libtiff/tif_tile.c file of libtiff version 3 decodes images
composed of tiles (rectangles). The tif_strip.c file decodes
images composed of strips (lines).
Both files multiply two integers to allocate a memory area.
However, this multiplication can overflow, and the memory area
becomes to short to store data.
An attacker can therefore invite the victim to open a malicious
TIFF image, in order to create a denial of service or to execute
code in applications linked to libtiff version 3.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libtiff-3-integer-overflow-via-tile-strip-11738