Home page logo

oss-sec logo oss-sec mailing list archives

tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 19 Jul 2012 08:15:59 +0530

Hi All,

I found the following flaw in the tiff2pdf tool, shipped with libtiff:

A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF
image to a PDF document conversion tool, of libtiff, a library of
functions for manipulating TIFF (Tagged Image File Format) image format
files, performed write of TIFF image content into particular PDF
document file, when not properly initialized T2P context struct pointer
has been provided by tiff2pdf (application requesting the conversion)
as one of parameters for the routine performing the write. A remote
attacker could provide a specially-crafted TIFF image format file, that
when processed by tiff2pdf would lead to tiff2pdf executable crash or,
potentially, arbitrary code execution with the privileges of the user
running the tiff2pdf binary.

This issue has been assigned CVE-2012-3401.


The relevant patch for the issue has been applied to upstream
libtiff-4.0.2 branch


Huzaifa Sidhpurwala / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]