Vigil@nce - libtiff: unreachable memory reading via bmp2tiff
December 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a read at an invalid address in bmp2tiff of
libtiff, in order to trigger a denial of service.
Impacted products: LibTIFF
Severity: 1/4
Creation date: 23/12/2014
DESCRIPTION OF THE VULNERABILITY
The bmp2tiff tool of the libtiff suite converts a BMP image to a
TIFF image.
However, the tif_packbits.c file tries to read a memory area which
is not reachable, which triggers a fatal error.
An attacker can therefore force a read at an invalid address in
bmp2tiff of libtiff, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libtiff-unreachable-memory-reading-via-bmp2tiff-15873