[LUG-Ischia] tiff: Buffer overflows in image decoding

Linux User Group Ischia info@lug-ischia.org
Thu 14 Oct 2004 14:43:07 CEST


http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml 

1. Gentoo Linux Security Advisory 

Version Information
Advisory Reference 	GLSA 200410-11 / tiff
Release Date 	October 13, 2004
Latest Revision 	October 13, 2004: 01
Impact 	normal
Exploitable 	remote
Package 	Vulnerable versions 	Unaffected versions 	Architecture(s)
media-libs/tiff 	< 3.6.1-r2 	>= 3.6.1-r2 	All supported architectures
media-gfx/xv 	<= 3.10a-r7 	>= 3.10a-r8 	All supported architectures 

Related bugreports: No related gentoo bugreports 

Synopsis
Multiple heap-based overflows have been found in the tiff library image 
decoding routines, potentially allowing execution of arbitrary code with the 
rights of the user viewing a malicious image. 

2. Impact Information 

Background 

The tiff library contains encoding and decoding routines for the Tag Image 
File Format. It is called by numerous programs, including GNOME and KDE, to 
help in displaying TIFF images. xv is a multi-format image manipulation 
utility that is statically linked to the tiff library. 

Description 

Chris Evans found heap-based overflows in RLE decoding routines in 
tif_next.c, tif_thunder.c and potentially tif_luv.c. 

Impact 

A remote attacker could entice a user to view a carefully crafted TIFF image 
file, which would potentially lead to execution of arbitrary code with the 
rights of the user viewing the image. This affects any program that makes 
use of the tiff library, including GNOME and KDE web browsers or mail 
readers. 

3. Resolution Information 

Workaround 

There is no known workaround at this time. 

Resolution 

All tiff library users should upgrade to the latest version: 

Code Listing 3.1 

   # emerge sync 

   # emerge -pv ">=media-libs/tiff-3.6.1-r2"
   # emerge ">=media-libs/tiff-3.6.1-r2" 

xv makes use of the tiff library and needs to be recompiled to receive the 
new patched version of the library. All xv users should also upgrade to the 
latest version: 

Code Listing 3.2 

   # emerge sync 

   # emerge -pv ">=media-gfx/xv-3.10a-r8"
   # emerge ">=media-gfx/xv-3.10a-r8" 

4. References 

   * CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803 


########################################
......--.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
....|@_ @|   Linux User Group Ischia   ~
....|:_/ |          LUG-Ischia         ~
...//   \ \  @:. info@lug-ischia.org   ~
..(|     | ) www:.www.lug-ischia.org   ~
./'\_   _/~\  http://ischia.linux.it   ~
.\___)=(___/~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
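
The version table in the advisory above can be turned into an inventory check. The following is an added example, not part of the advisory or of Portage: it compares installed category/name-version strings against the fixed versions listed above. It assumes a simplified version syntax (dotted numbers, optional letter, optional -rN); the names FIXED, version_key and audit are hypothetical.

```python
import re

# Fixed versions, from the advisory's "Unaffected versions" column.
FIXED = {"media-libs/tiff": "3.6.1-r2", "media-gfx/xv": "3.10a-r8"}

# Assumption: simplified Gentoo version syntax only. Dotted numbers, an
# optional single letter, an optional -rN revision. Suffixes such as
# _alpha/_beta/_pre/_p are not understood and are reported for manual review.
_PARTS = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)(?:-r(\d+))?$")


def version_key(version):
    """Return a tuple that sorts supported versions in upgrade order."""
    m = _PARTS.match(version)
    if not m:
        raise ValueError(f"unsupported version syntax: {version!r}")
    numbers = tuple(int(n) for n in m.group(1).split("."))
    # A missing letter sorts before "a"; a missing revision counts as -r0.
    return numbers, m.group(2), int(m.group(3) or 0)


def audit(installed_atoms):
    """Map each advisory-covered atom to True (vulnerable), False (fixed)
    or None (version not understood, check by hand)."""
    result = {}
    for atom in installed_atoms:
        for pkg, fixed in FIXED.items():
            if not atom.startswith(pkg + "-"):
                continue  # not one of the packages named in the advisory
            try:
                installed = version_key(atom[len(pkg) + 1:])
                result[atom] = installed < version_key(fixed)
            except ValueError:
                result[atom] = None
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not output from a real system.
    sample = ["media-libs/tiff-3.6.1-r1", "media-gfx/xv-3.10a-r8",
              "app-editors/vim-6.3", "media-libs/tiff-3.7.0_beta1"]
    for atom, state in audit(sample).items():
        label = {True: "UPGRADE", False: "ok", None: "CHECK MANUALLY"}[state]
        print(f"{atom}: {label}")
```

A statically linked consumer such as xv is only covered if its own package version is checked too, which is why both packages are in FIXED.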



