libtiff (tiff2pdf) Multiple Buffer Overflow

2013.05.02
Risk: High
Local: Yes
Remote: Yes
CWE: CWE-119

Two flaws were reported to us in the tiff2pdf utility shipped with the libtiff library. Details as follows:

1. CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution

A stack-based buffer overflow was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when malformed image-length and resolution values are used in the TIFF file. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952131

2. CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()

A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, in the tp_process_jpeg_strip() function. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952158

The enclosed bugs contain the relevant patches.

--
Huzaifa Sidhpurwala / Red Hat Security Response Team

References:

https://bugzilla.redhat.com/show_bug.cgi?id=952158
https://bugzilla.redhat.com/show_bug.cgi?id=952131
http://seclists.org/oss-sec/2013/q2/255
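The stack overflow class described in item 1 (numeric image fields written as text into a fixed-size buffer) can be checked for with bounded formatting. The following is an added example, not code from libtiff or from the advisory; the 16-byte buffer, the "%.4f" format, the helper names and the sample values are assumptions chosen for illustration.

```c
#include <float.h>
#include <stdio.h>
#include <string.h>

/* Assumed field size for illustration; not taken from tiff2pdf. */
#define FIELD_BUF 16

/* Bytes "%.4f" needs for v, excluding the NUL terminator.
   snprintf(NULL, 0, ...) only measures and writes nothing (C99). */
int needed_len(double v)
{
    return snprintf(NULL, 0, "%.4f", v);
}

/* Bounded formatter: writes v into out[cap]. Returns 0 on success,
   -1 if the text would not fit, in which case out is left empty
   rather than holding a silently truncated number. */
int format_dim(char *out, size_t cap, double v)
{
    int n = snprintf(out, cap, "%.4f", v);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed samples: two ordinary page dimensions in points,
       then values only a malformed file would produce. */
    double samples[] = { 612.0, 792.0, 1.0e12, (double)FLT_MAX };
    char buf[FIELD_BUF];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = format_dim(buf, sizeof buf, samples[i]);
        printf("needs %2d bytes, buffer %d: %s\n",
               needed_len(samples[i]) + 1, FIELD_BUF,
               rc == 0 ? buf : "rejected (would overflow)");
    }
    return 0;
}
```

An unbounded sprintf() into the same buffer would write 45 bytes for the largest float value, which is why the return value of snprintf() has to be compared against the buffer size rather than ignored.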

