Note: This is an archival copy of Security Sun Alert 201072 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000794.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
6217996, 6203734, 6203747, 6203736
Date of Workaround Release
Date of Resolved Release
Multiple security vulnerabilities have been found in libtiff(3), a library for reading and writing Tag Image File Format (TIFF) files. These vulnerabilities may allow a remote unprivileged user to execute arbitrary code with the privileges of a local user if that local user has loaded a TIFF image file (.tiff) supplied by an untrusted user. The remote user may be able to crash the TIFF image viewing program as well. The TIFF image files may be picked up in e-mail or from an untrusted web site.
These issues are described in the following documents:
These issues can occur in the following releases:
In Solaris 8 the libtiff(3) library may be installed in the following directories:
/usr/openwin/lib (OpenWindows) /usr/dt/lib/sdtimage (CDE)
In Solaris 9 the libtiff(3) library may be installed in the following directories:
/usr/sfw/lib(SUNWTiff) /usr/sfw/lib/sparcv9 (SUNWTiffx) /usr/openwin/lib(OpenWindows) /usr/dt/lib/sdtimage (CDE)
In Solaris 10 the libtiff(3) library may be installed in the following directories:
Sun includes libtiff(3) on the Solaris Companion CD for Solaris 8 (http://wwws.sun.com/software/solaris/freeware/index.html) as an unsupported package which installs to "/opt/sfw" and is vulnerable to this issue. Sites using libtiff from the Solaris Companion CD will have to upgrade to a later version.
There are no reliable symptoms that would show the described issues have been exploited.
To work around the described issues, do not load TIFF images from untrusted sources.
These issues are addressed in the following releases:
Note: This issue is not yet resolved in Solaris 9 (with package SUNWTiff or SUNWTiffx)
A final resolution is pending completion.
04-May-2009: No further updates will be made to this document
06-JUL-2005: Updated Contributing Factors and Resolution sections
29-AUG-2005: Updated Contributing Factors and Resolution sections
26-OCT-2005: Updated Impact section
This solution has no attachment