header-logo
Suggest Exploit
vendor:
libtiff
by:
nitr0us
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: libtiff
Affected Version From: 3.8.2002
Affected Version To: 3.8.2002
Patch Exists: Yes
Related CWE: N/A
CPE: a:libtiff:libtiff
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

tiffsplit (libtiff <= 3.8.2) local stack buffer overflow PoC

tiffsplit from libtiff is vulnerable to a bss-based and stack-based overflow. A proof of concept code is available for the stack-based buffer overflow. The .bss section is in higher addresses than .dtors section, so, it is not possible to hijack .dtors.

Mitigation:

Update to the latest version of libtiff.
Source

Exploit-DB raw data:

# tiffsplit (libtiff <= 3.8.2) local stack buffer overflow PoC

tiffsplit from libtiff (http://www.remotesensing.org/libtiff/)
is vulnerable to a bss-based and stack-based overflow, but, I just
wrote the concept c0de for stack-based b0f 'cause I don't know how
to take advantage of the overwritten bss data (after the overflow,
that data is overwritten again correctly by a program' function).

.bss section is in higher addresses than .dtors section, so, we
can't hijack .dtors to....

PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1831.tar.gz (05262006-tiffspl33t.tar.gz)

nitr0us <nitrousenador[at]gmail[dot]com>

# milw0rm.com [2006-05-26]

Navigation

Suggest Exploit

Services By CQR