Vigil@nce - libtiff: buffer overflow via PixarLog
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious TIFF image
with an application linked to libtiff, in order to trigger a denial
of service or to execute code.
Impacted products: Unix (platform)
Severity: 2/4
Creation date: 26/09/2012
DESCRIPTION OF THE VULNERABILITY
The libtiff library is used to process TIFF images.
A TIFF image can be compressed using the PixarLog format, which
stores integers on 11 bits.
The PixarLogSetupDecode() function in the file libtiff/tif_pixarlog.c
prepares the memory area used to store data. However, the allocated
buffer is too short because the number of strides is ignored.
An attacker can therefore invite the victim to open a malicious
TIFF image with an application linked to libtiff, in order to
trigger a denial of service or to execute code.
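The sizing error described above, as an added illustration that is not code from libtiff or from this bulletin: it compares a decode-buffer size computed without the stride against one that counts it, using overflow-checked arithmetic. The function names, the 16-bit sample type, the simplified model of how much data decoding writes, and the spare stride are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Overflow-checked arithmetic: 0 means "failed", and failure propagates. */
static size_t mul_checked(size_t a, size_t b)
{
    return (a == 0 || b == 0 || a > SIZE_MAX / b) ? 0 : a * b;
}
static size_t add_checked(size_t a, size_t b)
{
    return (a == 0 || b == 0 || a > SIZE_MAX - b) ? 0 : a + b;
}

/* Simplified model (assumption): decoding one strip writes
 * stride * width * rows 16-bit samples into the temporary buffer. */
size_t decoded_bytes(size_t stride, size_t width, size_t rows)
{
    return mul_checked(mul_checked(mul_checked(stride, width), rows), sizeof(uint16_t));
}

/* Flawed sizing: derived from the image geometry only, stride ignored. */
size_t tbuf_size_without_stride(size_t width, size_t rows)
{
    return mul_checked(mul_checked(width, rows), sizeof(uint16_t));
}

/* Corrected sizing: every stride is counted, plus one spare stride
 * (an assumption of this example) in case the input ends mid-stride. */
size_t tbuf_size_with_stride(size_t stride, size_t width, size_t rows)
{
    size_t spare = mul_checked(stride, sizeof(uint16_t));
    return add_checked(decoded_bytes(stride, width, rows), spare);
}

/* 1 if buf_size bytes can hold the decoded strip, 0 if not or on overflow. */
int buffer_is_sufficient(size_t buf_size, size_t stride, size_t width, size_t rows)
{
    size_t need = decoded_bytes(stride, width, rows);
    return need != 0 && buf_size >= need;
}

int main(void)
{
    size_t stride = 3, width = 64, rows = 16; /* constructed strip geometry */
    printf("needed=%zu without_stride=%zu with_stride=%zu\n", decoded_bytes(stride, width, rows),
           tbuf_size_without_stride(width, rows), tbuf_size_with_stride(stride, width, rows));
    return 0;
}
```

With the constructed 64 x 16 strip and a stride of 3, the size computed without the stride is a third of what decoding writes. A size computation that would overflow returns 0, so the caller can refuse to allocate.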
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libtiff-buffer-overflow-via-PixarLog-11978