Heap-based buffer overflow in LibTIFF - CVE-2012-3401

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which. A remote attacker can use a crafted TIFF image that triggers a heap-based buffer overflow. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2012-3401

Sources

• http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830
• http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html
• http://osvdb.org/84090
• http://rhn.redhat.com/errata/RHSA-2012-1590.html
• http://secunia.com/advisories/49938
• http://secunia.com/advisories/50007
• http://secunia.com/advisories/50726
• http://security.gentoo.org/glsa/glsa-201209-02.xml
• http://www.debian.org/security/2012/dsa-2552
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:127
• http://www.openwall.com/lists/oss-security/2012/07/19/1
• http://www.openwall.com/lists/oss-security/2012/07/19/4
• http://www.securityfocus.com/bid/54601
• http://www.ubuntu.com/usn/USN-1511-1
• http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
• https://bugzilla.redhat.com/attachment.cgi?id=596457
• https://bugzilla.redhat.com/show_bug.cgi?id=837577
• https://exchange.xforce.ibmcloud.com/vulnerabilities/77088