Date: Fri, 02 Nov 2012 15:53:07 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file

Hi All,

A flaw was found in the way ppm2tiff, a tool to create a TIFF file from PPM, PGM and PBM image files, did not check the return value of TIFFScanlineSize() function. When TIFFScanlineSize encountered an integer-overflow and returned zero, this value was not checked. A remote attacker could provide a specially-crafted PPM image format file, that when processed by ppm2tiff would lead to ppm2tiff executable crash or, potentially, arbitrary code execution with the privileges of the user running the ppm2tiff binary.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=871700

--
Huzaifa Sidhpurwala / Red Hat Security Response Team
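
The missing check described in the advisory above, as an added C example that is not part of the original message and is not libtiff or ppm2tiff code. `scanline_size` and `read_row_checked` are hypothetical stand-ins, and the signed 32-bit size limit is an assumption; the caller refuses to allocate or copy when the size routine reports 0.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a scanline-size routine (not libtiff code):
 * bytes per row, or 0 when the result does not fit a signed 32-bit size. */
static size_t scanline_size(uint32_t width, uint16_t spp, uint16_t bps)
{
    /* width*spp*bps < 2^64 for these operand widths, so uint64_t is exact. */
    uint64_t bits = (uint64_t)width * spp * bps;
    uint64_t bytes = (bits + 7) / 8;
    return bytes > INT32_MAX ? 0 : (size_t)bytes;
}

/* Hardened caller: copy one row from src into a freshly sized buffer.
 * Returns the buffer (caller frees) or NULL if the row cannot be sized safely. */
static unsigned char *read_row_checked(const unsigned char *src, size_t src_len,
                                       uint32_t width, uint16_t spp, uint16_t bps)
{
    size_t need = scanline_size(width, spp, bps);
    if (need == 0)          /* overflow signalled (or empty row): refuse */
        return NULL;
    if (src_len < need)     /* input shorter than one row: do not over-read */
        return NULL;
    unsigned char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, need); /* copy length equals allocation length */
    return buf;
}

int main(void)
{
    unsigned char row[12] = {0};  /* constructed sample: 4 RGB pixels, 8 bits each */
    unsigned char *ok = read_row_checked(row, sizeof row, 4, 3, 8);
    printf("normal row: %s\n", ok ? "accepted" : "rejected");
    free(ok);
    /* Constructed oversized header values: the size computation reports 0. */
    unsigned char *bad = read_row_checked(row, sizeof row, 0xFFFFFFFFu, 3, 8);
    printf("overflowing row: %s\n", bad ? "accepted" : "rejected");
    free(bad);
    return 0;
}
```

The key property is that the allocation length and the copy length come from the same checked value, so a zero or overflowed size can never pair a tiny buffer with a full-row write.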