Computer Security

libtiff multiple security vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



libtiff multiple security vulnerabilities
updated since 07.07.2009
Published:14.07.2009
Source:BUGTRAQ
SecurityVulns ID:10048
Type:library
Level:6/10
Description:Crash on LZWDecodeCompat. Potantial integer overflows in tiff2rgba and rgb2ycbcr.
Affected:LIBTIFF : libtiff 3.8
CVE:CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.)
 CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.)
Original documentdocumentAndrea Barisani, [oCERT-2009-012] libtiff tools integer overflows (14.07.2009)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru