{"vuid":"VU#125598","idnumber":"125598","name":"LibTIFF vulnerable to integer overflow via corrupted directory entry count","keywords":["LibTIFF","integer overflow","heap overflow","directory headers","TIFF","apple_security_update_2005_005"],"overview":"An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code.","clean_desc":"LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). A lack of validation on user supplied input may allow buffer overflow to occur. TIFF files contain directory entry header fields to describe the data in the file. If a remote attacker creates a TIFF file with specially crafted directory headers and persuades a user to access that file, an integer overflow will occur that may eventually lead to a heap-based buffer overflow.","impact":"If a remote attacker can persuade a user to access a specially crafted TIFF image, that attacker may be able to execute arbitrary code with the privileges of that user.","resolution":"Upgrade or Patch This issue has been corrected in LibTIFF version 3.7.1. Obtain a patch or upgraded software from your vendor. Recompile statically linked applications.","workarounds":"Do Not Accept TIFF Files from Unknown or Untrusted Sources Exploitation occurs by accessing a specially crafted TIFF file (typically .tiff or .tif extension). By only accessing TIFF files from trusted or known sources, the chances of exploitation are reduced.","sysaffected":"","thanks":"This vulnerability was reported by iDefense.","author":"This document was written by Jeff Gennari.","public":["http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities","http://secunia.com/advisories/13607/"],"cveids":["CVE-2004-1308"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-12-22T15:12:05Z","publicdate":"2004-12-21T00:00:00Z","datefirstpublished":"2005-01-11T16:06:08Z","dateupdated":"2005-05-12T19:34:11Z","revision":71,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"17","cam_easeofexploitation":"9","cam_attackeraccessrequired":"10","cam_scorecurrent":"7.745625","cam_scorecurrentwidelyknown":"9.8971875","cam_scorecurrentwidelyknownexploited":"18.5034375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.745625,"vulnote":null}