| Title | LibTIFF v4.7.0 NULL Pointer Dereference |
|---|
| Description | A null pointer dereference vulnerability exists in the fax2ps utility of libtiff through version 4.7.0. When processing a malformed TIFF file, the utility may call memset() on a null output buffer (buf or outbuf) if the TIFFTAG_FAXFILLFUNC mechanism is active, leading to a denial-of-service via application crash.
./tools/fax2ps -p 1 -x 200 -y 200 poc
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3486725==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f6bc44a4dd0 bp 0x7ffe80f7e910 sp 0x7ffe80f7e0c8 T0)
==3486725==The signal is caused by a WRITE memory access.
==3486725==Hint: address points to the zero page.
#0 0x7f6bc44a4dd0 /build/glibc-FcRMwW/glibc-2.31/string/../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:190
#1 0x49a773 in __asan_memset (/src/sspocgen_workspace/tools/fax2ps+0x49a773)
#2 0x53167b in TIFFReadEncodedStrip /src/libtiff/tif_read.c:557:9
#3 0x4cd894 in printTIF /src/tools/fax2ps.c:281:15
#4 0x4cebeb in fax2ps /src/tools/fax2ps.c:326:13
#5 0x4cf352 in main /src/tools/fax2ps.c:409:17
#6 0x7f6bc433d082 in __libc_start_main /build/glibc-FcRMwW/glibc-2.31/csu/../csu/libc-start.c:308:16
#7 0x41e8cd in _start (/src/sspocgen_workspace/tools/fax2ps+0x41e8cd)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-FcRMwW/glibc-2.31/string/../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:190
==3486725==ABORTING |
| Source | https://gitlab.com/libtiff/libtiff/-/issues/649 |
| User | arthurx (UID 87796) |
| Submission | 2025. 07. 29. 06:04 AM (11 months ago) |
| Moderation | 2025. 07. 30. 07:47 PM (2 days later) |
| Status | Accepted |
| VulDB Entry | 318355 [LibTIFF up to 4.7.0 fax2ps tools/tiff2pdf.c t2p_read_tiff_init denial of service] |
| Points | 20 |