OSVDB ID: 84090

Title: LibTIFF tools/tiff2pdf.c t2p_read_tiff_init() Function T2P Struct Pointer TIFF Image Handling Overflow

Info

Disclosure

Jul 19, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 18, 2012

Description

LibTIFF is prone to an overflow condition. The t2p_read_tiff_init() function in tools/tiff2pdf.c fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted T2p struct pointer in a TIFF image, a remote attacker can potentially execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS, Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 3.9.7, 4.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

libtiff.org	libtiff	4.0.2
		3.9.1
		3.9.2
		3.9.3
		3.9.4
		3.9.5
		3.9.6
		4.0.0
		4.0.1

References

CVE ID: 2012-3401 (see also: NVD)
Secunia Advisory ID: 49938 50007 50104 50726 50761 50911 51582 52429
Bugtraq ID: 54601
Vendor Specific News/Changelog Entry: http://freecode.com/projects/libtiff/releases/348382
http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html
http://www.debian.org/security/2012/dsa-2552
http://www.gentoo.org/security/en/glsa/glsa-201209-02.xml
http://www.remotesensing.org/libtiff/v4.0.3.html
http://www.ubuntu.com/usn/usn-1511-1/
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3401_denial_of
https://bugzilla.redhat.com/show_bug.cgi?id=837577
Vendor Specific Solution URL: http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830
Vendor Specific Advisory URL: http://rss.xerox.com/~r/security-bulletins/~5/LLTGnhmbIMY/cert_XRX13-004_v1.01.pdf
http://rss.xerox.com/~r/security-bulletins/~5/xzeGn6t7q7c/cert_XRX13-003_v1.0.pdf
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
Mail List Post: http://seclists.org/oss-sec/2012/q3/88
Vendor URL: http://www.libtiff.org/
RedHat RHSA: RHSA-2012:1590

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84090

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

libtiff.org

libtiff

References

Credit