Info

Disclosure

Feb 09, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Apr 09, 2011

Description

LibTIFF is prone to an overflow condition. The OJPEGReadHeaderInfoSecStreamSof() function fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted TIFF file, a context-dependent attacker can potentially cause arbitrary code execution.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 3.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

libtiff.org

libtiff

3.9.4

References

Security Tracker: 1025380
CVE ID: 2009-5022 (see also: NVD)
Exploit Database: 22681
Secunia Advisory ID: 44226 44242 44271 44394 44891 49856 50726
Bugtraq ID: 47338
ISS X-Force ID: 66774
VUPEN Advisory: ADV-2011-1014 ADV-2011-1082
Vendor Specific News/Changelog Entry: http://bugzilla.maptools.org/show_bug.cgi?id=1999
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html
http://lists.opensuse.org/opensuse-updates/2011-04/msg00078.html
http://www.gentoo.org/security/en/glsa/glsa-201209-02.xml
http://www.irfanview.com/main_history.htm
http://www.remotesensing.org/libtiff/v3.9.5.html
https://bugzilla.redhat.com/show_bug.cgi?id=695885
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-April/001314.html
Mail List Post: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html
Other Advisory URL: http://openwall.com/lists/oss-security/2011/04/12/10
http://www.mandriva.com/security/advisories?name=MDVSA-2011:078
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=64&Itemid=64
http://www.ubuntu.com/usn/USN-1120-1
Vendor Specific Advisory URL: http://www.debian.org/security/2011/dsa-2256
Vendor URL: http://www.libtiff.org/
RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2011-0452.html
RHSA-2011:0452

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/72260