FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tiff -- buffer overflow vulnerability

Affected packages
tiff < 3.7.3
linux-tiff < 3.6.1_3
pdflib < 6.0.1_2
pdflib-perl < 6.0.1_2
gdal < 1.2.1_2
ivtools < 1.2.3
paraview < 2.4.3
fractorama < 1.6.7_1
0 < iv
0 < ja-iv
0 < ja-libimg

Details

VuXML ID 68222076-010b-11da-bc08-0001020eed82
Discovery 2005-05-10
Entry 2005-07-30
Modified 2006-06-08

A Gentoo Linux Security Advisory reports:

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag.

Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.

[source]

References

CVE Name CVE-2005-1544
URL http://bugzilla.remotesensing.org/show_bug.cgi?id=843
URL http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml
URL http://www.remotesensing.org/libtiff/v3.7.3.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.