AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2005.09.28 00:49 "[Tiff] PSP libtiff hack?", by Frank Warmerdam
2005.09.28 02:21 "Re: [Tiff] PSP libtiff hack?", by Joris
2005.09.28 04:04 "Re: [Tiff] PSP libtiff hack?", by
2005.09.28 04:20 "Re: [Tiff] PSP libtiff hack?", by Chris Cox
2005.09.28 13:39 "Re: [Tiff] PSP libtiff hack?", by Dmitry V. Levin
2005.10.15 12:43 "[Tiff] Small bug report, and error handler parameter issue", by Joris
2005.10.20 22:52 "Re: [Tiff] Read EXIF Tag", by Chris Losinger
[...]

2005.09.28 00:49 "[Tiff] PSP libtiff hack?", by Frank Warmerdam

Folks,

According to Slashdot a recent Sony PSP hack was accomplished using a vulnerability in libtiff (who knew libtiff was on the PSP?). I tried the file in question with TIFFOpen() and it seems to have no problem. That is TIFFOpen() properly identifies it as corrupt and gives up. So I think the vulnerability has already been corrected in the current libtiff.

The file is available at:

  http://home.gdal.org/~warmerda/overflow.tif

In case anyone wants to test TIFF applications with it.

BTW, it does crash tiffdump but I'm not too concerned about that.

What would be ideal is if one or more of these hardware makers using libtiff actually provided some funding for a detailed vulnerability analysis. Then they (and we) wouldn't have egg on our faces.

Best regards,
--

---------------------------------------+--------------------------------------
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | Geospatial Programmer for Rent