FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tiff -- directory entry count integer overflow vulnerability

Affected packages
tiff < 3.7.1
linux-tiff < 3.6.1_1
pdflib < 6.0.1_1
pdflib-perl < 6.0.1_1
gdal < 1.2.1_2
ivtools < 1.2.3
paraview < 2.4.3
fractorama < 1.6.7_1
0 < iv
0 < ja-iv
0 < ja-libimg

Details

VuXML ID fc7e6a42-6012-11d9-a9e7-0001020eed82
Discovery 2004-12-17
Entry 2005-01-06
Modified 2006-06-08

In an iDEFENSE Security Advisory infamous41md reports:

Remote exploitation of a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code.

The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry. A TIFF file includes a number of directory entry header fields that describe the data in the file. Included in these entries is an entry count and offset value that are calculated to determine the size and location of the data for that entry.

References

Bugtraq ID 12075
CERT/CC Vulnerability Note 125598
CVE Name CVE-2004-1308
URL http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities