Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200505-07] libTIFF: Buffer overflow

Vulnerability Assessment Details

[GLSA-200505-07] libTIFF: Buffer overflow
Vulnerability Assessment Summary
libTIFF: Buffer overflow

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200505-07
(libTIFF: Buffer overflow)


Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
stack based buffer overflow in the libTIFF library when reading a TIFF
image with a malformed BitsPerSample tag.

Impact

Successful exploitation would require the victim to open a
specially crafted TIFF image, resulting in the execution of arbitrary
code.

Workaround

There is no known workaround at this time.

References:
http://bugzilla.remotesensing.org/show_bug.cgi?id=843


Solution:
All libTIFF users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.2"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi
Cables, Connectors


Vintage 5362 IBM System/36 Mini-Computer Mainframe 5291 2, CRT Terminal DM12N501 picture

Vintage 5362 IBM System/36 Mini-Computer Mainframe 5291 2, CRT Terminal DM12N501

$249.99


Vintage Family owned Atari 1200xl computer sold as is tested turns on with cable picture

Vintage Family owned Atari 1200xl computer sold as is tested turns on with cable

$299.99


Magitronic Quad Speed Creative picture

Magitronic Quad Speed Creative

$150.00


IBM Type 4869 External 5 1/4in Floppy Disk Drive Mainframe Collection - UNTESTED picture

IBM Type 4869 External 5 1/4in Floppy Disk Drive Mainframe Collection - UNTESTED

$65.00


IBM 3390 DASD Hard Drive 10.8” from Vintage Mainframe picture

IBM 3390 DASD Hard Drive 10.8” from Vintage Mainframe

$325.00


VINTAGE IBM Type 4869 External 5 1/4

VINTAGE IBM Type 4869 External 5 1/4" ~ Floppy Disk Drive Mainframe ~

$159.99


IBM Type 4869 External 5 1/4in Floppy Disk Drive Mainframe Collection picture

IBM Type 4869 External 5 1/4in Floppy Disk Drive Mainframe Collection

$130.99


Cray Research Supercomputer Cray X-MP ECL Logic Board picture

Cray Research Supercomputer Cray X-MP ECL Logic Board

$149.99


IVIS Mainframe Mechanical Keyboard RJ11 Wired Keyboard Mainframe Collection picture

IVIS Mainframe Mechanical Keyboard RJ11 Wired Keyboard Mainframe Collection

$584.99


Xargon 1 Beyond Reality RARE Game Floppy 3.5” Floppy Mainframe Collection picture

Xargon 1 Beyond Reality RARE Game Floppy 3.5” Floppy Mainframe Collection

$349.99


Discussions

Warning: mysql_connect(): Too many connections in /home/vscan/public_html/comments.php on line 3

Warning: mysql_select_db() expects parameter 2 to be resource, boolean given in /home/vscan/public_html/comments.php on line 4

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/vscan/public_html/comments.php on line 16

No Discussions have been posted on this vulnerability.