INFORMATION BULLETIN
INFORMATION BULLETIN
| PROBLEM: | Vulnerabilities were discovered in libtiff, the Tag Image file Format library for processing TIFF graphics files. |
| PLATFORM: | Debian GNU/Linux 3.0 alias woody Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS, ES, WS (v. 2.1) and (v. 3) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor SGI ProPack 3 Service Pack 1 SGI ProPack 3 Service Pack 5 Mac OS X v10.2.x and v10.3.x Mac OS X Servers v10.2.x and v10.3.x Solaris 7, 8, 9 and 10 |
| DAMAGE: | An attacker could prepare a specially crafted TIFF graphic that would cause a client to execute arbitrary code or crash. |
| SOLUTION: | Apply the available package updates. |
| VULNERABILITY ASSESSMENT: |
The risk is LOW. An attacker must entice a user to open a malicious file with an application that uses a vulnerable TIFF graphics files. Opening the file may then cause a denial of service or execute arbitrary code with the privileges of the running application. |
REVISION HISTORY:
10/22/2004 - Add a link to Red Hat RHSA-2004:577-16 for Red Hat Desktop (v.3)
and Enterprise Linux AS, ES, WS (v. 2.1) and (v. 3).
10/28/2004 - Added a link to SGI Security Advisory 20041004-01-U that provides
Patch 10112 for SGI ProPack 3 Service Pack 1 addressing this
vulnerability.
12/06/2004 - Added Apple products to Platforms. Added link to
Apple's Security Update 2004-12-02. This information also on our
CIRC Bulletin P-049.
04/01/2005 - Added a link to Red Hat RHSA-2005:354-03 that provides updates for
the vulnerabilities described in CAN-2004-0803 and CAN-2004-0804.
04/12/2005 - revised to add a link to Red Hat RHSA-2005:021-09.
04/21/2005 - Added a link to SGI Security Advisory 20050404-01-U that provides
Patch 10164 for SGI ProPack 3 Service Pack 5.
04/26/2005 - Added a link to Sun Alert ID: 57769 that provides patches for
Solaris 7, 8, 9, and 10.
10/27/2005 - Impact Section in Sun Alert ID: 101677, formerly 57769 had been revised.
[***** Start Debian Security Advisory DSA 567-1 *****]
Debian Security Advisory
DSA-567-1 tiff -- heap overflows
Date Reported: 15 Oct 2004
Affected Packages: tiff
Vulnerable: Yes
Security database references:
In Mitre's CVE dictionary: CAN-2004-0803, CAN-2004-0804, CAN-2004-0886.
More information:
Several problems have been discovered in libtiff, the Tag Image File Format
library for processing TIFF graphics files. An attacker could prepare a specially
crafted TIFF graphic that would cause the client to execute arbitrary code or
crash. The Common Vulnerabilities and Exposures Project has identified the
following problems:
CAN-2004-0803
Chris Evans discovered several problems in the RLE (run length encoding)
decoders that could lead to arbitrary code execution.
CAN-2004-0804
Matthias Clasen discovered a division by zero through an integer overflow.
CAN-2004-0886
Dmitry V. Levin discovered several integer overflows that caused malloc issues
which can result to either plain crash or memory corruption.
For the stable distribution (woody) these problems have been fixed in version
3.5.5-6woody1.
For the unstable distribution (sid) these problems have been fixed in version
3.6.1-2.
We recommend that you upgrade your libtiff package.
Fixed in:
Debian GNU/Linux 3.0 (woody)
MD5 checksums of the listed files are available in the original advisory.
[***** End Debian Security Advisory DSA 567-1 *****]
Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/