Headline
CVE-2023-2731: LZWDecode(): avoid crash when trying to read again from a strip whith… · libsdl-org/libtiff@9be22b6
A NULL pointer dereference flaw was found in Libtiff’s LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
Expand Up
@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
if (sp->read_error)
{
TIFFErrorExtR(tif, module,
“LZWDecode: Scanline %” PRIu32 " cannot be read due to "
"previous error",
tif->tif_row);
return 0;
}
Expand Down Expand Up
@@ -742,6 +746,7 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
return (1);
no_eoi:
sp->read_error = 1;
TIFFErrorExtR(tif, module,
“LZWDecode: Strip %” PRIu32 " not terminated with EOI code",
tif->tif_curstrip);
Expand Down
Related news
Ubuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.