[security] A crafted TIFF file will cause the program to enter an infinite loop
Summary
When run on a maliciously crafted TIFF file, tiffinfo enters an infinite loop. The log and PoC are as follows: poc.tar.gz
Version
LIBTIFF, Version 4.4.0
Steps to reproduce
$ cmake ../ -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=memory -U_FORTIFY_SOURCE" -DCMAKE_CXX_FLAGS="-fsanitize=memory -U_FORTIFY_SOURCE"
$ ./tools/tiffinfo id:000000,src:002969,time:22503442,execs:28750636,op:havoc,rep:4
Platform
Linux firmy-pc 5.15.0-46-generic #49~20.04.2-Ubuntu SMP Fri Aug 12 08:03:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
clang version 10.0.0-4ubuntu1