Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Jul 2012 08:15:59 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: tiff2pdf: Heap-based buffer overflow due to improper initialization
 of T2P context struct pointer

Hi All,

I found the following flaw in the tiff2pdf tool, shipped with libtiff:

A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF
image to a PDF document conversion tool, of libtiff, a library of
functions for manipulating TIFF (Tagged Image File Format) image format
files, performed write of TIFF image content into particular PDF
document file, when not properly initialized T2P context struct pointer
has been provided by tiff2pdf (application requesting the conversion)
as one of parameters for the routine performing the write. A remote
attacker could provide a specially-crafted TIFF image format file, that
when processed by tiff2pdf would lead to tiff2pdf executable crash or,
potentially, arbitrary code execution with the privileges of the user
running the tiff2pdf binary.

This issue has been assigned CVE-2012-3401.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=837577

The relevant patch for the issue has been applied to upstream
libtiff-4.0.2 branch

Thanks!


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ