
CVE-2013-4232 analysis

Author Hardik Shah
April 05, 2014
3 min read
After a long time I did some quick analysis. Here are the details for CVE-2013-4232. If you look at the patch here: https://github.com/willysr/SlackHacks/blob/master/SlackBuilds/libtiff/tiff-4.0.3-CVE-2013-4232.patch there is only one line of code added:
_TIFFfree(buffer);
+ return(0);
} else {
  buffer=samplebuffer;
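Review bot: the added `return(0);` closes the fall-through, but after `_TIFFfree(buffer);` the variable `buffer` still holds the freed address on this error path. Setting `buffer = NULL;` right after the free would make any future code that reaches this point fail on a null dereference instead of silently reusing freed memory, which is cheap insurance against the same class of bug recurring if the function is edited again.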
You see the return statement above? Well, that's it: it's a use-after-free vulnerability. Here is the full code:
    if(samplebuffer==NULL){
        TIFFError(TIFF2PDF_MODULE,
            "Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s",
            (unsigned long) t2p->tiff_datasize,
            TIFFFileName(input));
        t2p->t2p_error = T2P_ERR_ERROR;
        _TIFFfree(buffer);
        return(0);   /* this is the fix: bail out now that buffer has been freed */
    } else {
        buffer=samplebuffer;
        t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
    }
    /* Without the return above, execution reaches this call with buffer
       already freed, and the function uses it anyway: the use-after-free. */
    t2p_sample_realize_palette(t2p, buffer);
}
That's it.
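To make the error-path pattern concrete, here is an added example that is not libtiff's code and not from the original post. It models the tiff2pdf logic above (allocate a buffer, try to grow it for the sample data, free it when that fails) and swaps the real `t2p_sample_realize_palette()` for a hypothetical `realize_palette()` that sits on top of a constructed liveness-tracking allocator. The tracker plays the role a tool like AddressSanitizer would play in a fuzzing run: the dangling use is reported as a result code instead of actually reading freed memory. The `simulate_realloc_failure` knob, the `fixed` flag and the function names are all assumptions made for the example.

```c
/* Added example, not libtiff's code: a small model of the CVE-2013-4232
 * error path. A constructed tracking allocator stands in for a tool such as
 * AddressSanitizer, so the dangling use is reported instead of reading
 * freed memory (which would be undefined behaviour). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TRACKED 16

static void *live_ptrs[MAX_TRACKED];      /* constructed: currently live blocks */
static int simulate_realloc_failure = 0;  /* hypothetical fault-injection knob */

static void *tracked_alloc(size_t n) {
    void *p = malloc(n ? n : 1);
    if (p == NULL) return NULL;
    for (int i = 0; i < MAX_TRACKED; i++)
        if (live_ptrs[i] == NULL) { live_ptrs[i] = p; return p; }
    free(p);
    return NULL;
}

static int tracked_is_live(const void *p) {
    if (p == NULL) return 0;
    for (int i = 0; i < MAX_TRACKED; i++)
        if (live_ptrs[i] == p) return 1;
    return 0;
}

static void tracked_free(void *p) {
    if (p == NULL) return;
    for (int i = 0; i < MAX_TRACKED; i++)
        if (live_ptrs[i] == p) { live_ptrs[i] = NULL; free(p); return; }
}

/* Like realloc: on failure the old block stays live and NULL is returned;
 * on success the old block is released. Contents are not copied because
 * this model only tracks liveness. */
static void *tracked_realloc(void *old, size_t n) {
    if (simulate_realloc_failure) return NULL;
    void *p = tracked_alloc(n);
    if (p == NULL) return NULL;
    tracked_free(old);
    return p;
}

/* Hypothetical stand-in for t2p_sample_realize_palette(): it refuses a
 * buffer that is no longer live instead of dereferencing it. */
static int realize_palette(unsigned char *buffer, size_t size) {
    if (!tracked_is_live(buffer)) return -1;   /* use-after-free caught */
    for (size_t i = 0; i < size; i++) buffer[i] ^= 0xFF;
    return 0;
}

/* Mirrors the tiff2pdf error path. With fixed == 0 the function falls
 * through after freeing 'buffer', as the unpatched code did; with
 * fixed == 1 it returns, as the one-line patch does.
 * Returns 0 on a handled allocation error, 1 on success, and 2 when the
 * palette step was handed a dangling buffer. */
static int readwrite_image(size_t datasize, size_t samplesperpixel, int fixed) {
    unsigned char *buffer = tracked_alloc(datasize);
    if (buffer == NULL) return 0;
    memset(buffer, 0x41, datasize);

    unsigned char *samplebuffer =
        tracked_realloc(buffer, datasize * samplesperpixel);
    if (samplebuffer == NULL) {
        fprintf(stderr, "Can't allocate %lu bytes for the sample buffer\n",
                (unsigned long)(datasize * samplesperpixel));
        tracked_free(buffer);
        if (fixed) return 0;   /* the patch: stop here, buffer is gone */
        /* unpatched: control continues with 'buffer' dangling */
    } else {
        buffer = samplebuffer;
        datasize *= samplesperpixel;
    }

    int rc = realize_palette(buffer, datasize);
    if (rc != 0) return 2;     /* dangling buffer reached the palette step */
    tracked_free(buffer);
    return 1;
}

/* Convenience wrapper: run one scenario with the fault knob set as asked. */
static int run_scenario(int realloc_fails, int fixed) {
    simulate_realloc_failure = realloc_fails;
    return readwrite_image(16, 3, fixed);
}

int main(void) {
    printf("realloc ok,   unpatched: %d\n", run_scenario(0, 0)); /* 1 */
    printf("realloc fail, unpatched: %d\n", run_scenario(1, 0)); /* 2 */
    printf("realloc fail, patched:   %d\n", run_scenario(1, 1)); /* 0 */
    return 0;
}
```

The interesting case is the second line of output: only when the larger allocation fails does the unpatched path hand a freed pointer to the palette step, which is why this bug needs a fuzzer or an allocation-failure injector to surface, and why the one-line `return` is a complete fix for this path.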