|
oss-sec
mailing list archives
tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 19 Jul 2012 08:15:59 +0530
Hi All,
I found the following flaw in the tiff2pdf tool, shipped with libtiff:
A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF
image to a PDF document conversion tool, of libtiff, a library of
functions for manipulating TIFF (Tagged Image File Format) image format
files, performed write of TIFF image content into particular PDF
document file, when not properly initialized T2P context struct pointer
has been provided by tiff2pdf (application requesting the conversion)
as one of parameters for the routine performing the write. A remote
attacker could provide a specially-crafted TIFF image format file, that
when processed by tiff2pdf would lead to tiff2pdf executable crash or,
potentially, arbitrary code execution with the privileges of the user
running the tiff2pdf binary.
This issue has been assigned CVE-2012-3401.
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=837577
The relevant patch for the issue has been applied to upstream
libtiff-4.0.2 branch
Thanks!
--
Huzaifa Sidhpurwala / Red Hat Security Response Team
 By Date 
By Thread
Current thread:
- tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Huzaifa Sidhpurwala (Jul 19)
|
