Home / vulnerabilities Libtiff 4.0.3 Integer Overflow
Posted on 23 December 2014
Source : packetstormsecurity.org Link
----------
Background
----------
Libtiff provides support for the Tag Image File Format (TIFF), a widely
used format for storing image data.
----------------
Software Version
----------------
All tests were performed using libtiff 4.0.3
-----------
Description
-----------
Fuzzing bmp2tiff, using the afl-fuzzer, revealed an integer overflow
issue related to the dimensions of the input BMP image. The issue
resulted in an out-of-bounds memory read which causes the application to
crash. Details can be found at
http://bugzilla.maptools.org/show_bug.cgi?id=2494.
--------
Timeline
--------
2014-12-09 Discovery reported to libtiff bug tracker
2014-12-21 Issue was fixed
2014-12-22 Public Disclosure
-------
Credits
-------
Reported by Paris Zoumpouloglou of Project Zero labs
--
Project Zero Labs
@projectzerolabs
https://www.projectzero.gr
