From: Secunia Security Advisories (sec-advsecunia.com)
Date: Thu Jan 06 2005 - 07:36:36 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
LibTIFF Unspecified tiffdump Integer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA13728

VERIFY ADVISORY:
http://secunia.com/advisories/13728/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
LibTIFF 3.x
http://secunia.com/product/4053/

DESCRIPTION:
Dmitry V. Levin has reported a vulnerability in LibTIFF, which
potentially can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to an unspecified integer overflow in
the tiffdump utility.

Successful exploitation may potentially allow execution of arbitrary
code, but requires that a user is tricked into checking a malicious
TIFF image with the tiffdump utility.

SOLUTION:
Secunia is currently not aware of an official updated version, which
addresses the vulnerability.

Updated packages have been issued by some Linux vendors.

PROVIDED AND/OR DISCOVERED BY:
Dmitry V. Levin

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]