A possible heap-based buffer overflow flaw was found in the readgifimage() function in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted GIF file that, when processed by gif2tiff, would cause gif2tiff to crash or, potentially, execute arbitrary code with the privileges of the user running gif2tiff.
Created attachment 786400 [details] Proposed patch
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 996832]
Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 996833]
Acknowledgements: This issue was discovered by Murray McAllister of the Red Hat Security Response Team.
Comment on attachment 786400 [details] Proposed patch Please note: this patch is incomplete.
Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2451
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0222 https://rhn.redhat.com/errata/RHSA-2014-0222.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0223 https://rhn.redhat.com/errata/RHSA-2014-0223.html
Statement: (none)