ID CVE-2012-1173
Summary Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.
References
Vulnerable Configurations
  • LibTIFF 3.9.4
    cpe:2.3:a:libtiff:libtiff:3.9.4
CVSS
Base: 6.8 (as of 05-06-2012 - 14:37)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_7_5.NASL
    description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP - Profile Manager - QuickLook - QuickTime - Ruby - USB
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62214
    published 2012-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62214
    title Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2012-004.NASL
    description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP - QuickLook - QuickTime - Ruby
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62213
    published 2012-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62213
    title Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)
  • NASL family Gain a shell remotely
    NASL id APPLETV_5_1.NASL
    description According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities :
      - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722)
      - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725)
      - A buffer overflow in libtiff's handling of ThunderScan encoded TIFF images could lead to arbitrary code execution. (CVE-2011-1167)
      - Multiple memory corruption issues in libpng's handling of PNG images could lead to arbitrary code execution. (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328)
      - A double free issue in ImageIO's handling of JPEG images could lead to arbitrary code execution. (CVE-2012-3726)
      - An integer overflow issue in libTIFF's handling of TIFF images could lead to arbitrary code execution. (CVE-2012-1173)
      - A stack-based buffer overflow in the handling of ICU locale IDs could lead to arbitrary code execution. (CVE-2011-4599)
      - Multiple vulnerabilities in libxml could have a variety of impacts, including arbitrary code execution. (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 / CVE-2011-3919)
      - Multiple memory corruption issues in JavaScriptCore could lead to arbitrary code execution. (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 / CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 / CVE-2012-3678 / CVE-2012-3679)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 62357
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62357
    title Apple TV < 5.1 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1416-1.NASL
    description Alexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2012-1173) It was discovered that the tiffdump utility incorrectly handled directory data structures with many directory entries. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2010-4665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58600
    published 2012-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58600
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : tiff vulnerabilities (USN-1416-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 62235
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62235
    title GLSA-201209-02 : libTIFF: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBTIFF-DEVEL-120405.NASL
    description This update of tiff fixes an issue where specially crafted tiff files could have triggered an integer overflow which would have led to a heap-based buffer overflow. (CVE-2012-1173)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 58775
    published 2012-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58775
    title SuSE 11.1 Security Update : libtiff (SAT Patch Number 6106)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5463.NASL
    description Add fix for CVE-2012-1173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 58713
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58713
    title Fedora 17 : libtiff-3.9.5-3.fc17 (2012-5463)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120410_LIBTIFF_ON_SL5_X.NASL
    description The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61296
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61296
    title Scientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0468.NASL
    description Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58666
    published 2012-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58666
    title CentOS 5 / 6 : libtiff (CESA-2012:0468)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-054.NASL
    description A vulnerability has been found and corrected in libtiff : An integer overflow was discovered in the libtiff/tiff_getimage.c file in the tiff library which could cause execution of arbitrary code using a specially crafted TIFF image file (CVE-2012-1173). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 58599
    published 2012-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58599
    title Mandriva Linux Security Advisory : libtiff (MDVSA-2012:054)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_LIBTIFF_20120710.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. (CVE-2012-1173)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80679
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80679
    title Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_1173_numeric_errors)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5406.NASL
    description Add fix for CVE-2012-1173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 58785
    published 2012-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58785
    title Fedora 15 : libtiff-3.9.5-3.fc15 (2012-5406)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-234.NASL
    description specially crafted tiff files could cause a heap overflow in libtiff
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 74603
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74603
    title openSUSE Security Update : tiff (openSUSE-SU-2012:0539-1)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15863.NASL
    description CVE-2012-1173
    last seen 2019-01-05
    modified 2019-01-04
    plugin id 80447
    published 2015-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80447
    title F5 Networks BIG-IP : Libtiff vulnerabilities (SOL15863)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5410.NASL
    description Add fix for CVE-2012-1173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 58818
    published 2012-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58818
    title Fedora 16 : libtiff-3.9.5-3.fc16 (2012-5410)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-65.NASL
    description Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69672
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69672
    title Amazon Linux AMI : libtiff (ALAS-2012-65)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBTIFF-8055.NASL
    description This update of tiff fixes an issue where specially crafted tiff files could trigger an integer overflow which leads to a heap-based buffer overflow. (CVE-2012-1173)
    last seen 2019-02-21
    modified 2012-06-06
    plugin id 58777
    published 2012-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58777
    title SuSE 10 Security Update : tiff (ZYPP Patch Number 8055)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2012-098-01.NASL
    description New libtiff packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 59478
    published 2012-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59478
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 9.0 / 9.1 / current : libtiff (SSA:2012-098-01)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2447.NASL
    description Alexander Gavrun discovered an integer overflow in the TIFF library in the parsing of the TileSize entry, which could result in the execution of arbitrary code if a malformed image is opened.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58608
    published 2012-04-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58608
    title Debian DSA-2447-1 : tiff - integer overflow
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0468.NASL
    description Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58675
    published 2012-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58675
    title RHEL 5 / 6 : libtiff (RHSA-2012:0468)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0468.NASL
    description From Red Hat Security Advisory 2012:0468 : Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173) All libtiff users should upgrade to these updated packages, which contain a backported patch to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68509
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68509
    title Oracle Linux 5 / 6 : libtiff (ELSA-2012-0468)
redhat via4
advisories
bugzilla
id 803078
title CVE-2012-1173 libtiff: Heap-buffer overflow due to TileSize calculation when parsing tiff files
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libtiff is earlier than 0:3.9.4-5.el6_2
          oval oval:com.redhat.rhsa:tst:20120468005
        • comment libtiff is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318011
      • AND
        • comment libtiff-devel is earlier than 0:3.9.4-5.el6_2
          oval oval:com.redhat.rhsa:tst:20120468007
        • comment libtiff-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318015
      • AND
        • comment libtiff-static is earlier than 0:3.9.4-5.el6_2
          oval oval:com.redhat.rhsa:tst:20120468009
        • comment libtiff-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110318013
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment libtiff is earlier than 0:3.8.2-14.el5_8
          oval oval:com.redhat.rhsa:tst:20120468012
        • comment libtiff is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080847003
      • AND
        • comment libtiff-devel is earlier than 0:3.8.2-14.el5_8
          oval oval:com.redhat.rhsa:tst:20120468014
        • comment libtiff-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080847005
rhsa
id RHSA-2012:0468
released 2012-04-10
severity Important
title RHSA-2012:0468: libtiff security update (Important)
rpms
  • libtiff-0:3.9.4-5.el6_2
  • libtiff-devel-0:3.9.4-5.el6_2
  • libtiff-static-0:3.9.4-5.el6_2
  • libtiff-0:3.8.2-14.el5_8
  • libtiff-devel-0:3.8.2-14.el5_8
refmap via4
apple
  • APPLE-SA-2012-09-19-1
  • APPLE-SA-2012-09-19-2
bid 52891
confirm
debian DSA-2447
fedora
  • FEDORA-2012-5406
  • FEDORA-2012-5410
  • FEDORA-2012-5463
gentoo GLSA-201209-02
mandriva MDVSA-2012:054
misc
osvdb 81025
sectrack 1026895
secunia
  • 48684
  • 48722
  • 48735
  • 48757
  • 48893
  • 50726
suse openSUSE-SU-2012:0539
ubuntu USN-1416-1
xf libtiff-gttileseparate-bo(74656)
Last major update 14-05-2013 - 23:24
Published 04-06-2012 - 16:55
Last modified 17-01-2018 - 21:29