Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ GLSA 200410-11 ] tiff: Buffer overflows in image decoding
From: Thierry Carrez <koon () gentoo org>
Date: Wed, 13 Oct 2004 16:45:13 +0200

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200410-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: tiff: Buffer overflows in image decoding
      Date: October 13, 2004
        ID: 200410-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple heap-based overflows have been found in the tiff library image
decoding routines, potentially allowing to execute arbitrary code with
the rights of the user viewing a malicious image.

Background
==========

The tiff library contains encoding and decoding routines for the Tag
Image File Format. It is called by numerous programs, including GNOME
and KDE, to help in displaying TIFF images. xv is a multi-format image
manipulation utility that is statically linked to the tiff library.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /   Vulnerable   /                    Unaffected
    -------------------------------------------------------------------
  1  media-libs/tiff      < 3.6.1-r2                       >= 3.6.1-r2
  2  media-gfx/xv         <= 3.10a-r7                      >= 3.10a-r8
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Chris Evans found heap-based overflows in RLE decoding routines in
tif_next.c, tif_thunder.c and potentially tif_luv.c.

Impact
======

A remote attacker could entice a user to view a carefully crafted TIFF
image file, which would potentially lead to execution of arbitrary code
with the rights of the user viewing the image. This affects any program
that makes use of the tiff library, including GNOME and KDE web
browsers or mail readers.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All tiff library users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=media-libs/tiff-3.6.1-r2"
    # emerge ">=media-libs/tiff-3.6.1-r2"

xv makes use of the tiff library and needs to be recompiled to receive
the new patched version of the library. All xv users should also
upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=media-gfx/xv-3.10a-r8"
    # emerge ">=media-gfx/xv-3.10a-r8"

References
==========

  [ 1 ] CAN-2004-0803
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200410-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

Attachment: signature.asc
Description: OpenPGP digital signature


  By Date           By Thread  

Current thread:
  • [ GLSA 200410-11 ] tiff: Buffer overflows in image decoding Thierry Carrez (Oct 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]