Info

Disclosure

Oct 14, 2004

Discovery

Unknown

Dates

Exploit

Oct 14, 2004

Solution

Unknown

Description

A local overflow exists in LibTIFF. LibTIFF fails to decode a specially crafted image resulting in a heap-based overflow during RLE decoding in tif_next.c and in tif_thunder.c. There may be heap-based overflows when doing RLE decoding in tif_luv.c. With a specially crafted image, an attacker can cause a buffer overflow resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 3.7.0beta2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

libtiff

3.6.1

References

Security Tracker: 1011667 1011725 1011731
Secunia Advisory ID: 12818 12824 12832 12851 12885 12928 12947 12949 13020 13043 13128 13373 13394 13559 13749 14791 14819 14893 14949 16266 17645
ISS X-Force ID: 17703
CVE ID: 2004-0803 (see also: NVD)
CERT VU: 948752
Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://docs.info.apple.com/article.html?artnum=61798
http://security.gentoo.org/glsa/glsa-200410-11.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57769-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
http://support.avaya.com/elmodocs2/security/ASA-2005-002_RHSA-2004-577.pdf
http://www.debian.org/security/2004/dsa-567
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:109
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:111
Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.19/SCOSA-2005.19.txt http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000914
http://rhn.redhat.com/errata/RHSA-2004-577.html
http://rhn.redhat.com/errata/RHSA-2005-021.html
http://rhn.redhat.com/errata/RHSA-2005-354.html
http://scary.beasts.org/security/CESA-2004-006.txt
http://security.gentoo.org/glsa/glsa-200412-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200412-17.xml
http://www.kde.org/info/security/advisory-20041209-1.txt
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.408946
http://www.suse.de/de/security/2004_38_libtiff.html
http://www.ubuntulinux.org/support/documentation/usn/usn-156-1
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0100.html
Vendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=69043
Keyword: SCOSA-2005.49

Credit

Chris Evans - chrisscary.beasts.org -

Direct URL: http://osvdb.org/10750