Home page logo
/

oss-sec logo oss-sec mailing list archives

libtiff: Stack based buffer overflow when handling DOTRANGE tags
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Wed, 28 Nov 2012 11:16:14 +0530

Hi All,

I found a stack-based buffer overflow in the way libtiff handled
DOTRANGE tags. An attacker could use this flaw to create a specially-
crafted TIFF file that, when opened, would cause an application linked
against libtiff to crash or, possibly, execute arbitrary code.

This issue is fixed in libtiff-4.0.2

We have assigned CVE-2012-5581 to this issue.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=867235



--
Huzaifa Sidhpurwala / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
  • libtiff: Stack based buffer overflow when handling DOTRANGE tags Huzaifa Sidhpurwala (Nov 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]