Headline
CVE-2023-26965: tiffcrop: Do not reuse input buffer for subsequent images. Fix issue 527 (!472) · Merge requests · libtiff / libtiff · GitLab
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.
Merged. Su Laus requested to merge Su_Laus/libtiff:tiffcrop_dont_reuse_input_buffer_fix_527 into master on Feb 14, 2023.
tiffcrop: Do not reuse input buffer for subsequent images. Fix issue 527
Reuse of read_buff within loadImage() from previous image is quite unsafe, because other functions (like rotateImage() etc.) reallocate that buffer with different size without updating the local prev_readsize value.
Closes #527 (closed)
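The pattern the merge request description names, as an added C model that is not libtiff's code: a loader that decides on buffer reuse from its own cached size, beside one that allocates a fresh buffer for every image. The struct, function names and sizes are hypothetical, and the overrunning write is detected rather than performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model, not libtiff code; every name is hypothetical.
 * real_size is the true allocation size, tracked only for the demo. */
typedef struct { unsigned char *buf; size_t real_size; } shared_buf;

/* Stand-in for any stage (rotation etc.) that reallocates the buffer. */
static int stage_realloc(shared_buf *s, size_t new_size) {
    free(s->buf);
    s->buf = malloc(new_size);
    s->real_size = s->buf ? new_size : 0;
    return s->buf != NULL;
}

/* Unsafe: reuse decided from a size cached by the loader alone. Returns 1
 * if the read fits, 0 if it would overrun (write skipped), -1 on OOM. */
static int load_reusing(shared_buf *s, size_t need, size_t *cached) {
    if (s->buf == NULL || *cached < need) {
        if (!stage_realloc(s, need)) return -1;
        *cached = need;
    }
    if (need > s->real_size) return 0; /* cache is stale: buffer shrank */
    memset(s->buf, 0xAB, need);        /* simulated image read */
    return 1;
}

/* Hardened, as the merge request title says: never reuse the old buffer. */
static int load_fresh(shared_buf *s, size_t need) {
    if (!stage_realloc(s, need)) return -1;
    memset(s->buf, 0xAB, need);
    return 1;
}

/* Image 1 needs 4096 bytes, a stage shrinks the buffer to 1024, image 2 needs 4096. */
static int run_scenario(int fresh) {
    shared_buf s = {NULL, 0};
    size_t cached = 0;
    int ok = fresh ? load_fresh(&s, 4096) : load_reusing(&s, 4096, &cached);
    if (ok == 1 && stage_realloc(&s, 1024))
        ok = fresh ? load_fresh(&s, 4096) : load_reusing(&s, 4096, &cached);
    free(s.buf);
    return ok;
}

int main(void) {
    printf("reuse: %d, fresh: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

Building a real reproduction of this bug class with AddressSanitizer (`-fsanitize=address`) reports the bad access at the point of the read, which is how stale-size reuse is usually caught in testing.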
Related news
Ubuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.
Ubuntu Security Notice 6229-1 - It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that LibTIFF was not properly processing numerical values when dealing with little-endian input data, which could lead to the execution of an invalid operation. An attacker could possibly use this issue to cause a denial of service