Vigil@nce - libtiff: integer overflow of tiff2pdf
July 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious TIFF image
with tiff2pdf, in order to create a denial of service or to
execute code.
Severity: 2/4
Creation date: 20/06/2012
IMPACTED PRODUCTS
– Mandriva Enterprise Server
– Mandriva Linux
– openSUSE
– Red Hat Enterprise Linux
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The tiff2pdf tool of the libtiff suite is used to convert a TIFF
image to a PDF document.
The t2p_read_tiff_size() function of the tools/tiff2pdf.c file
reads the size of the TIFF image. This function computes several
multiplications and additions. However, these operations can
overflow, and lead to the allocation of a short memory area.
An attacker can therefore invite the victim to open a malicious
TIFF image with tiff2pdf, in order to create a denial of service
or to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libtiff-integer-overflow-of-tiff2pdf-11725