ID CVE-2008-1586
Summary ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
References
Vulnerable Configurations
  • Apple iPod Touch
    cpe:2.3:h:apple:ipod_touch
  • cpe:2.3:h:apple:iphone
  • Apple iPhone OS 2.1
    cpe:2.3:o:apple:iphone_os:2.1
  • Apple iPhone OS 2.0.2
    cpe:2.3:o:apple:iphone_os:2.0.2
  • Apple iPhone OS 2.0.1
    cpe:2.3:o:apple:iphone_os:2.0.1
  • Apple iPhone OS 2.0
    cpe:2.3:o:apple:iphone_os:2.0
  • Apple iPhone OS 1.1.5
    cpe:2.3:o:apple:iphone_os:1.1.5
  • Apple iPhone OS 1.1.4
    cpe:2.3:o:apple:iphone_os:1.1.4
  • Apple iPhone OS 1.1.3
    cpe:2.3:o:apple:iphone_os:1.1.3
  • Apple iPhone OS 1.1.2
    cpe:2.3:o:apple:iphone_os:1.1.2
  • Apple iPhone OS 1.1.1
    cpe:2.3:o:apple:iphone_os:1.1.1
  • cpe:2.3:o:apple:iphone_os:1.1
    cpe:2.3:o:apple:iphone_os:1.1
  • Apple iPhone OS 1.0.2
    cpe:2.3:o:apple:iphone_os:1.0.2
  • Apple iPhone OS 1.0.1
    cpe:2.3:o:apple:iphone_os:1.0.1
  • cpe:2.3:o:apple:iphone_os:1.0
    cpe:2.3:o:apple:iphone_os:1.0
CVSS
Base: 7.1 (as of 26-11-2008 - 08:46)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBTIFF-DEVEL-090205.NASL
    description specially crafted tiff images could lead to allocating large amounts of memory therefore crashing applications that process such files (CVE-2008-1586).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40049
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40049
    title openSUSE Security Update : libtiff-devel (libtiff-devel-507)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBTIFF-DEVEL-5988.NASL
    description specially crafted tiff images could lead to allocating large amounts of memory therefore crashing applications that process such files (CVE-2008-1586).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 35678
    published 2009-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35678
    title openSUSE 10 Security Update : libtiff-devel (libtiff-devel-5988)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBTIFF-DEVEL-090205.NASL
    description specially crafted tiff images could lead to allocating large amounts of memory therefore crashing applications that process such files (CVE-2008-1586).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40270
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40270
    title openSUSE Security Update : libtiff-devel (libtiff-devel-507)
refmap via4
apple APPLE-SA-2008-11-20
bid 32394
confirm http://support.apple.com/kb/HT3318
osvdb 50023
sectrack 1021270
secunia 32756
suse SUSE-SR:2009:004
vupen ADV-2008-3232
statements via4
contributor Joshua Bressers
lastmodified 2009-01-19
organization Red Hat
statement Red Hat does not consider this libTIFF bug to be a security issue.
Last major update 07-03-2011 - 22:07
Published 25-11-2008 - 18:30
Back to Top