------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-97 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-06-30
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
A vulnerability has been reported in LibTIFF, which can be exploited by
malicious people to cause a DoS (Denial of Service) or to potentially
compromise an application using the library.

Description
===========
The vulnerability is caused by a boundary error within the
"LZWDecodeCompat()" function in libtiff/tif_lzw.c. This can be exploited
to cause a buffer underflow via a specially crafted TIFF file.

Affected packages:

  Pardus 2008:
    tiff, all before 3.8.2-10-4

Resolution
==========
An update is available for tiff. You can install it via Package Manager or
with a single command from the console:

    pisi up tiff

References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id113
* http://secunia.com/advisories/35515
* http://bugzilla.maptools.org/show_bug.cgi?id 65
* http://www.lan.st/showthread.php?t56&page=3