Info

Disclosure

Oct 18, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in libTIFF. LibTIFF divides by zero when receiving a TIFF image where the row bytes are equal to zero resulting in a integer overflow. With a specially crafted TIFF image, an attacker can cause the application to crash resulting in a loss of availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Debian has released a patch to address this vulnerability.

Products

libtiff

3.6.1

References

Security Tracker: 1011724
Secunia Advisory ID: 12851 12885 12928 12947 12949 13043 13128 13373 13559 14791 14819 14893 14949 17645
ISS X-Force ID: 17755
CVE ID: 2004-0804 (see also: NVD)
CERT VU: 555304
Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://bugzilla.remotesensing.org/show_bug.cgi?id=111
http://docs.info.apple.com/article.html?artnum=61798
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57769-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
http://support.avaya.com/elmodocs2/security/ASA-2005-002_RHSA-2004-577.pdf
http://www.debian.org/security/2004/dsa-567
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:109
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:111
Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.19/SCOSA-2005.19.txt http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
http://rhn.redhat.com/errata/RHSA-2004-577.html
http://rhn.redhat.com/errata/RHSA-2005-021.html
http://rhn.redhat.com/errata/RHSA-2005-354.html
http://security.gentoo.org/glsa/glsa-200412-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200412-17.xml
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.408946
http://www.suse.de/de/security/2004_38_libtiff.html
Vendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=69043
Vendor URL: http://www.libtiff.org/
Keyword: SCOSA-2005.49

Credit

Matthias Clasen -

Direct URL: http://osvdb.org/10909