FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tiff -- Multiple integer overflows

Affected packages
tiff < 3.9.4
linux-f10-tiff < 3.9.4
linux-tiff < 3.9.4

Details

VuXML ID 8816bf3a-7929-11df-bcce-0018f3e2eb82
Discovery 2009-05-22
Entry 2010-06-16

Tielei Wang:

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

References

CVE Name CVE-2009-2347
URL http://www.ocert.org/advisories/ocert-2009-012.html
URL http://www.remotesensing.org/libtiff/v3.9.4.html