oss-sec mailing list archives
Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer
From: Henri Salo <henri () nerv fi>
Date: Thu, 19 Jul 2012 18:28:50 +0300
On Thu, Jul 19, 2012 at 08:15:59AM +0530, Huzaifa Sidhpurwala wrote:
> Hi All,
>
> I found the following flaw in the tiff2pdf tool, shipped with libtiff:
>
> A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf (application requesting the conversion) as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary.
>
> This issue has been assigned CVE-2012-3401.
>
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=837577
>
> The relevant patch for the issue has been applied to upstream libtiff-4.0.2 branch
>
> Thanks!
>
> --
> Huzaifa Sidhpurwala / Red Hat Security Response Team
Do you know which versions are affected?

- Henri Salo
Current thread:
- tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Huzaifa Sidhpurwala (Jul 18)
- Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Henri Salo (Jul 19)
- Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Huzaifa Sidhpurwala (Jul 19)
- Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Solar Designer (Sep 22)
- CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Huzaifa Sidhpurwala (Sep 25)
- Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Kurt Seifried (Sep 25)
- Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Sebastian Krahmer (Sep 25)
- Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Huzaifa Sidhpurwala (Sep 26)
- Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Tom Lane (Sep 26)