GLSA-200501-06 : tiff: New overflows in image decoding

NASLDB: GLSA-200501-06 : tiff: New overflows in image decoding

General

ID: 16397
Name: GLSA-200501-06 : tiff: New overflows in image decoding

Summary: Checks for updated package(s) in /var/db/pkg

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: Gentoo Local Security Checks
Type: Local

Description

The remote host is affected by the vulnerability described in GLSA-200501-06
(tiff: New overflows in image decoding)

infamous41md found a potential integer overflow in the directory
entry count routines of the TIFF library (CAN-2004-1308). Dmitry V.
Levin found another similar issue in the tiffdump utility
(CAN-2004-1183).

Impact :

A remote attacker could entice a user to view a carefully crafted
TIFF image file, which would potentially lead to execution of arbitrary
code with the rights of the user viewing the image. This affects any
program that makes use of the TIFF library, including many web browsers
or mail readers.

Workaround :

There is no known workaround at this time.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2004-1183
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2005/01/06
Patch Release: 2005/01/05
Plugin Release: 2005/02/14

Plugin

Version: 1.14
Filename: gentoo_GLSA-200501-06.nasl
Filesize: 3748 bytes
MD5 Hash: bd91ed964af69d022ebc0c8196562924

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG