Libtiff version 4.0.3 suffers from an integer overflow vulnerability that results in an out-of-bounds memory read.
9fe0f92666d1dda0f8fc69edc3f1572b6a7eddcaf75f93240712c87c6704def8
----------
Background
----------
Libtiff provides support for the Tag Image File Format (TIFF), a widely
used format for storing image data.
----------------
Software Version
----------------
All tests were performed using libtiff 4.0.3
-----------
Description
-----------
Fuzzing bmp2tiff, using the afl-fuzzer, revealed an integer overflow
issue related to the dimensions of the input BMP image. The issue
resulted in an out-of-bounds memory read which causes the application to
crash. Details can be found at
http://bugzilla.maptools.org/show_bug.cgi?id=2494.
--------
Timeline
--------
2014-12-09 Discovery reported to libtiff bug tracker
2014-12-21 Issue was fixed
2014-12-22 Public Disclosure
-------
Credits
-------
Reported by Paris Zoumpouloglou of Project Zero labs
--
Project Zero Labs
@projectzerolabs
https://www.projectzero.gr