Vigil@nce - libtiff: two vulnerabilities
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious TIFF image,
in order to execute code in applications linked to libtiff.
Severity: 2/4
Creation date: 22/06/2010
DESCRIPTION OF THE VULNERABILITY
The libtiff library is used to manage TIFF images. Two
vulnerabilities were announced in libtiff.
An integer overflow in the TIFFroundup() function generates an
allocation error in tif_ojpeg.c and tif_read.c files.
[severity:2/4; BID-41011, CVE-2010-2065]
A TIFF image containing a long SubjectDistance field generates a
buffer overflow in tif_dirread.c. [severity:2/4; BID-41012,
CVE-2010-2067]
An attacker can therefore invite the victim to open a malicious
TIFF image, in order to execute code in applications linked to
libtiff.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libtiff-two-vulnerabilities-9721