ID CVE-2009-2347
Summary Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
References
Vulnerable Configurations
  • LibTIFF 3.8.0
    cpe:2.3:a:libtiff:libtiff:3.8.0
  • LibTIFF 3.8.1
    cpe:2.3:a:libtiff:libtiff:3.8.1
  • LibTIFF 3.8.2
    cpe:2.3:a:libtiff:libtiff:3.8.2
  • LibTIFF 3.9
    cpe:2.3:a:libtiff:libtiff:3.9
  • libTIFF 4.0
    cpe:2.3:a:libtiff:libtiff:4.0
CVSS
Base: 9.3 (as of 15-07-2009 - 08:54)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119900.NASL
    description GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 119900 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 22959
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22959
    title Solaris 10 (sparc) : 119900-18 (deprecated)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8816BF3A792911DFBCCE0018F3E2EB82.NASL
    description Tielei Wang : Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 47033
    published 2010-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47033
    title FreeBSD : tiff -- Multiple integer overflows (8816bf3a-7929-11df-bcce-0018f3e2eb82)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBTIFF-DEVEL-6406.NASL
    description This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42018
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42018
    title openSUSE 10 Security Update : libtiff-devel (libtiff-devel-6406)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-801-1.NASL
    description Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 39788
    published 2009-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39788
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : tiff vulnerability (USN-801-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1159.NASL
    description Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a specially crafted LZW-encoded TIFF file, which once opened by an unsuspecting user, would cause an application linked with libtiff to access an out-of-bounds memory location, leading to a denial of service (application crash). (CVE-2009-2285) The CVE-2009-2347 flaws were discovered by Tielei Wang from ICST-ERCIS, Peking University. All libtiff users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, all applications linked with the libtiff library (such as Konqueror) must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 39850
    published 2009-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39850
    title RHEL 3 / 4 / 5 : libtiff (RHSA-2009:1159)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-043.NASL
    description A buffer overflow was discovered in libtiff which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding (CVE-2011-0192). Additionally it was discovered that the fixes for CVE-2009-2347 and CVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2 and being resolved as well. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 52592
    published 2011-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52592
    title Mandriva Linux Security Advisory : libtiff (MDVSA-2011:043)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2009-0027.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix buffer overrun risks caused by unchecked integer overflow (CVE-2009-2347) Resolves: #507725 - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Resolves: #507725 - Update upstream URL - Use -fno-strict-aliasing per rpmdiff recommendation - Fix LZW decoding vulnerabilities (CVE-2008-2327) Resolves: #458812 - Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don't ship Resolves: #460120
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79467
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79467
    title OracleVM 2.1 : libtiff (OVMSA-2009-0027)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119901.NASL
    description GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 119901 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 22992
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22992
    title Solaris 10 (x86) : 119901-17 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBTIFF-DEVEL-090807.NASL
    description This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 41430
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41430
    title SuSE 11 Security Update : libtiff (SAT Patch Number 1172)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBTIFF-DEVEL-090807.NASL
    description This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40646
    published 2009-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40646
    title openSUSE Security Update : libtiff-devel (libtiff-devel-1176)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-7775.NASL
    description CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Not the same as last week's libtiff security issue ... Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 39864
    published 2009-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39864
    title Fedora 11 : libtiff-3.8.2-14.fc11 (2009-7775)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-7724.NASL
    description CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Not the same as last week's libtiff security issue ... Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-11
    plugin id 39858
    published 2009-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39858
    title Fedora 10 : libtiff-3.8.2-14.fc10 (2009-7724)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBTIFF-DEVEL-090807.NASL
    description This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40653
    published 2009-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40653
    title openSUSE Security Update : libtiff-devel (libtiff-devel-1176)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 62235
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62235
    title GLSA-201209-02 : libTIFF: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12470.NASL
    description This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41320
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41320
    title SuSE9 Security Update : libtiff (YOU Patch Number 12470)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBTIFF-6407.NASL
    description This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 41553
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41553
    title SuSE 10 Security Update : libtiff (ZYPP Patch Number 6407)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200908-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200908-03 (libTIFF: User-assisted execution of arbitrary code) Two vulnerabilities have been reported in libTIFF: wololo reported a buffer underflow in the LZWDecodeCompat() function (CVE-2009-2285). Tielei Wang of ICST-ERCIS, Peking University reported two integer overflows leading to heap-based buffer overflows in the tiff2rgba and rgb2ycbcr tools (CVE-2009-2347). Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF or the tiff2rgba and rgb2ycbcr tools, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 40519
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40519
    title GLSA-200908-03 : libTIFF: User-assisted execution of arbitrary code
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-169.NASL
    description Multiple vulnerabilities have been found and corrected in libtiff : Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 42991
    published 2009-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42991
    title Mandriva Linux Security Advisory : libtiff (MDVSA-2009:169-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1835.NASL
    description Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. - CVE-2009-2347 Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44700
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44700
    title Debian DSA-1835-1 : tiff - several vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119901-16.NASL
    description GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Jun/14/14
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107852
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107852
    title Solaris 10 (x86) : 119901-16
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119900-18.NASL
    description GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Sep/15/16
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107350
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107350
    title Solaris 10 (sparc) : 119900-18
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119900-17.NASL
    description GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Jun/14/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107349
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107349
    title Solaris 10 (sparc) : 119900-17
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1159.NASL
    description Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a specially crafted LZW-encoded TIFF file, which once opened by an unsuspecting user, would cause an application linked with libtiff to access an out-of-bounds memory location, leading to a denial of service (application crash). (CVE-2009-2285) The CVE-2009-2347 flaws were discovered by Tielei Wang from ICST-ERCIS, Peking University. All libtiff users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, all applications linked with the libtiff library (such as Konqueror) must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 40344
    published 2009-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40344
    title CentOS 3 / 5 : libtiff (CESA-2009:1159)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090728_LIBTIFF_FOR_SL3_0_X.NASL
    description CVE-2009-2285 libtiff: LZWDecodeCompat underflow CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a specially crafted LZW-encoded TIFF file, which once opened by an unsuspecting user, would cause an application linked with libtiff to access an out-of-bounds memory location, leading to a denial of service (application crash). (CVE-2009-2285) The CVE-2009-2347 flaws were discovered by Tielei Wang from ICST-ERCIS, Peking University.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60623
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60623
    title Scientific Linux Security Update : libtiff for SL3.0.x, SL 4.x, SL 5.x on i386/x86_64
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119900-16.NASL
    description GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Nov/10/12
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107348
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107348
    title Solaris 10 (sparc) : 119900-16
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-150.NASL
    description Multiple vulnerabilities have been found and corrected in libtiff : Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 39849
    published 2009-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39849
    title Mandriva Linux Security Advisory : libtiff (MDVSA-2009:150)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119901-17.NASL
    description GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Sep/15/16
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107853
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107853
    title Solaris 10 (x86) : 119901-17
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1159.NASL
    description From Red Hat Security Advisory 2009:1159 : Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a specially crafted LZW-encoded TIFF file, which once opened by an unsuspecting user, would cause an application linked with libtiff to access an out-of-bounds memory location, leading to a denial of service (application crash). (CVE-2009-2285) The CVE-2009-2347 flaws were discovered by Tielei Wang from ICST-ERCIS, Peking University. All libtiff users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, all applications linked with the libtiff library (such as Konqueror) must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67892
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67892
    title Oracle Linux 3 / 4 / 5 : libtiff (ELSA-2009-1159)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119901-15.NASL
    description GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Nov/10/12
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107851
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107851
    title Solaris 10 (x86) : 119901-15
oval via4
accepted 2013-04-29T04:10:29.553-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
family unix
id oval:org.mitre.oval:def:10988
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
version 24
redhat via4
advisories
bugzilla
id 510041
title CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE)
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment libtiff is earlier than 0:3.5.7-33.el3
          oval oval:com.redhat.rhsa:tst:20091159002
        • comment libtiff is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080848003
      • AND
        • comment libtiff-devel is earlier than 0:3.5.7-33.el3
          oval oval:com.redhat.rhsa:tst:20091159004
        • comment libtiff-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080848005
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment libtiff is earlier than 0:3.6.1-12.el4_8.4
          oval oval:com.redhat.rhsa:tst:20091159007
        • comment libtiff is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080848003
      • AND
        • comment libtiff-devel is earlier than 0:3.6.1-12.el4_8.4
          oval oval:com.redhat.rhsa:tst:20091159008
        • comment libtiff-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080848005
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment libtiff is earlier than 0:3.8.2-7.el5_3.4
          oval oval:com.redhat.rhsa:tst:20091159010
        • comment libtiff is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080847003
      • AND
        • comment libtiff-devel is earlier than 0:3.8.2-7.el5_3.4
          oval oval:com.redhat.rhsa:tst:20091159012
        • comment libtiff-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080847005
rhsa
id RHSA-2009:1159
released 2009-07-16
severity Moderate
title RHSA-2009:1159: libtiff security update (Moderate)
rpms
  • libtiff-0:3.5.7-33.el3
  • libtiff-devel-0:3.5.7-33.el3
  • libtiff-0:3.6.1-12.el4_8.4
  • libtiff-devel-0:3.6.1-12.el4_8.4
  • libtiff-0:3.8.2-7.el5_3.4
  • libtiff-devel-0:3.8.2-7.el5_3.4
refmap via4
bid 35652
bugtraq 20090713 [oCERT-2009-012] libtiff tools integer overflows
confirm
debian DSA-1835
fedora
  • FEDORA-2009-7724
  • FEDORA-2009-7775
gentoo
  • GLSA-200908-03
  • GLSA-201209-02
mandriva
  • MDVSA-2009:150
  • MDVSA-2011:043
misc http://www.ocert.org/advisories/ocert-2009-012.html
osvdb
  • 55821
  • 55822
sectrack 1022539
secunia
  • 35811
  • 35817
  • 35866
  • 35883
  • 35911
  • 36194
  • 50726
ubuntu USN-801-1
vupen
  • ADV-2009-1870
  • ADV-2011-0621
xf libtiff-rgb2ycbcr-tiff2rgba-bo(51688)
Last major update 14-05-2013 - 22:57
Published 14-07-2009 - 16:30
Last modified 10-10-2018 - 15:39