[37997] in bugtraq
Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability
daemon@ATHENA.MIT.EDU (Marcus Meissner)
Tue Dec 28 13:53:23 2004
Date: Mon, 27 Dec 2004 11:37:02 +0100
From: Marcus Meissner <meissner@suse.de>
To: customer service mailbox <customerservice@idefense.com>
Cc: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org
Message-ID: <20041227103702.GC1448@suse.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="0vzXIDBeUiKkjNJl"
Content-Disposition: inline
In-Reply-To: <1CE07882ECEE894CA2D5A89B8DEBC4010A2DE4@porgy.admin.idefense.com>
--0vzXIDBeUiKkjNJl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Dec 21, 2004 at 05:09:30PM -0500, customer service mailbox wrote:
> libtiff STRIPOFFSETS Integer Overflow Vulnerability
>=20
> iDEFENSE Security Advisory 12.21.04
> www.idefense.com/application/poi/display?id=3D173&type=3Dvulnerabilities
> December 21, 2004
=2E...
> The overflow occurs in the parsing of TIFF files set with the=20
> STRIPOFFSETS flag in libtiff/tif_dirread.c. In the TIFFFetchStripThing()
>=20
> function, the number of strips (nstrips) is used directly in a=20
> CheckMalloc() routine without sanity checking. The call ultimately boils
> =09
> - SuSE Linux=20
This problem had already been fixed in SUSE Linux with the last libtiff
update:
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
Ciao, Marcus
--0vzXIDBeUiKkjNJl
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBz+XO6nvzlwF1Yj4RAorUAJ0bpqf3NGHbV1BvVGoBLB/i421xbwCeISJX
cuGY6iBft7C4laDgSgrhhpM=
=5qLY
-----END PGP SIGNATURE-----
--0vzXIDBeUiKkjNJl--
