Actu
Vigil@nce: libtiff, several vulnerabilities
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious TIFF image,
in order to generate a denial of service or to execute code in
applications linked to libtiff.
– Severity: 2/4
– Creation date: 24/06/2010
DESCRIPTION OF THE VULNERABILITY
The libtiff library is used to manage TIFF images. Several
vulnerabilities were announced in libtiff.
An attacker can force TIFFExtractData() to read after the end of
data, which stops the application. [severity:1/4; CVE-2010-2481]
An attacker can force TIFFVGetField() to dereference a NULL
pointer, which stops the application. [severity:1/4; 589145,
CVE-2010-2443]
An attacker can generate a buffer overflow in TIFFRGBAImageGet(),
in order to execute code. [severity:2/4; 2216, 591605,
CVE-2010-2483]
An attacker can generate an integer overflow in tif_getimage(),
which stops the application. [severity:1/4; 2207, CVE-2010-2233]
An attacker can use malicious ReferenceBlackWhite values, in order
to stop the application. [severity:1/4; 2208]
An attacker can generate an assertion error in OJPEGPostDecode(),
which stops the application. [severity:1/4; 2209]
An attacker can force td_stripbytecount() to dereference a NULL
pointer, which stops the application. [severity:1/4; CVE-2010-2482]
An attacker can therefore invite the victim to open a malicious
TIFF image, in order to generate a denial of service or to execute
code in applications linked to libtiff.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libtiff-several-vulnerabilities-9727
