oss-sec mailing list archives
Fwd: Two libtiff (tiff2pdf flaws)
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 02 May 2013 09:51:39 +0530
Re-sending -------- Original Message -------- Subject: Two libtiff (tiff2pdf flaws) Date: Thu, 02 May 2013 09:30:26 +0530 From: Huzaifa Sidhpurwala <huzaifas () redhat com> To: oss-security () lists openwall com Hi all, Two flaws were reported to us in tiff2pdf utility shipped with the libtiff library. Details as follows: 1. CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution A stack-based buffer overflow was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when malformed image-length and resolution values are used in the TIFF file. A remote attacker could provide a specially- crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952131 2. CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip() A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, in the tp_process_jpeg_strip() function. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952158 The enclosed bugs contains the relevant patches. -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Current thread:
- Two libtiff (tiff2pdf flaws) Huzaifa Sidhpurwala (May 01)
- Fwd: Two libtiff (tiff2pdf flaws) Huzaifa Sidhpurwala (May 01)