Bugtraq mailing list archives

Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability

From: Marcus Meissner <meissner () suse de>
Date: Mon, 27 Dec 2004 11:37:02 +0100

On Tue, Dec 21, 2004 at 05:09:30PM -0500, customer service mailbox wrote:

libtiff STRIPOFFSETS Integer Overflow Vulnerability

iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=173&type=vulnerabilities
December 21, 2004

....

The overflow occurs in the parsing of TIFF files set with the 
STRIPOFFSETS flag in libtiff/tif_dirread.c. In the TIFFFetchStripThing()

function, the number of strips (nstrips) is used directly in a 
CheckMalloc() routine without sanity checking. The call ultimately boils
      
      - SuSE Linux


This problem had already been fixed in SUSE Linux with the last libtiff
update:
        http://www.novell.com/linux/security/advisories/2004_38_libtiff.html

Ciao, Marcus

Attachment: _bin
Description:

Current thread:

iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability customer service mailbox (Dec 21)
- Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability Dmitry V. Levin (Dec 22)
- Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability Moritz Muehlenhoff (Dec 23)
- Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability Marcus Meissner (Dec 28)