LibTiff TIFFFetchData整数溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110154 漏洞类型 缓冲区溢出
发布时间 2006-04-28 更新时间 2008-09-04
CVE编号 CVE-2006-2025 CNNVD-ID CNNVD-200604-445
漏洞平台 Linux CVSS评分 6.5
|漏洞来源
https://www.exploit-db.com/exploits/27764
https://www.securityfocus.com/bid/17732
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-445
|漏洞详情
SiliconGraphicsLibTIFF是美国SiliconGraphics公司的一个读写TIFF(标签图像文件格式)文件的库。该库包含一些处理TIFF文件的命令行工具。LibTiff的tif_dirread.c文件的TIFFFetchData函数中存在整数溢出漏洞,允许攻击者通过特制的TIFF图形导致拒绝服务或执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/17732/info

Applications using the LibTIFF library are prone to an integer-overflow vulnerability.

An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application that uses the affected library. Failed exploit attempts will likely cause denial-of-service conditions.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/27764.tiff.11
|受影响的产品
Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu
|参考资料

来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
来源:MISC
链接:http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
来源:XF
名称:libtiff-tifffetchdata-overflow(26134)
链接:http://xforce.iss.net/xforce/xfdb/26134
来源:UBUNTU
名称:USN-277-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-277-1
来源:TRUSTIX
名称:2006-0024
链接:http://www.trustix.org/errata/2006/0024
来源:BID
名称:17732
链接:http://www.securityfocus.com/bid/17732
来源:REDHAT
名称:RHSA-2006:0425
链接:http://www.redhat.com/support/errata/RHSA-2006-0425.html
来源:SUSE
名称:SUSE-SR:2006:009
链接:http://www.novell.com/linux/security/advisories/2006_04_28.html
来源:MANDRIVA
名称:MDKSA-2006:082
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
来源:GENTOO
名称:GLSA-200605-17
链接:http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
来源:VUPEN
名称:ADV-2006-1563
链接:http://www.frsirt.com/english/advisories/2006/1563
来源:DEBIAN
名称:DSA-1054
链接:http://www.debian.org/security/2006/dsa-1054
来源:support.avaya.com
链接: