An OOB Write was found in the LZW decompressor used in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted GIF file that, when processed by gif2tiff, would cause gif2tiff to crash or, potentially, execute arbitrary code with the privileges of the user running gif2tiff.
Created attachment 786398 [details] Proposed patch
Created attachment 786399 [details] Proposed patch (unified)
Created libtiff tracking bugs for this issue: Affects: fedora-all [bug 996832]
Created mingw-libtiff tracking bugs for this issue: Affects: fedora-all [bug 996833]
This issue was addressed in libtiff upstream CVS repo, via the following commit: revision 1.14 date: 2013-08-14 13:59:17 +0000; author: fwarmerdam; state: Exp; lines: +5 -1; commitid: zanjJMEQdd22zq1x; fix possible OOB write in gif2tiff.c
libtiff-4.0.3-9.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
libtiff-4.0.3-9.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
Acknowledgements: This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0223 https://rhn.redhat.com/errata/RHSA-2014-0223.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0222 https://rhn.redhat.com/errata/RHSA-2014-0222.html
Statement: (none)