fkie_nvd - fkie_cve-2012-2088

fkie_cve-2012-2088

Vulnerability from fkie_nvd

Published

2012-07-22 17:55

Modified

2025-04-11 00:51

Severity ?

Summary

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.

References

URL	Tags
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-1054.html
secalert@redhat.com	http://secunia.com/advisories/49686	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/50726
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201209-02.xml
secalert@redhat.com	http://support.apple.com/kb/HT6162
secalert@redhat.com	http://support.apple.com/kb/HT6163
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:101
secalert@redhat.com	http://www.securityfocus.com/bid/54270
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=832864
secalert@redhat.com	https://hermes.opensuse.org/messages/15083566
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1054.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49686	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50726
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201209-02.xml
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6162
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6163
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:101
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/54270
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=832864
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/15083566

Impacted products

Vendor	Product	Version
libtiff	libtiff	*
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.5.1
libtiff	libtiff	3.5.2
libtiff	libtiff	3.5.3
libtiff	libtiff	3.5.4
libtiff	libtiff	3.5.5
libtiff	libtiff	3.5.6
libtiff	libtiff	3.5.6
libtiff	libtiff	3.5.7
libtiff	libtiff	3.5.7
libtiff	libtiff	3.5.7
libtiff	libtiff	3.5.7
libtiff	libtiff	3.5.7
libtiff	libtiff	3.5.7
libtiff	libtiff	3.6.0
libtiff	libtiff	3.6.0
libtiff	libtiff	3.6.0
libtiff	libtiff	3.6.1
libtiff	libtiff	3.7.0
libtiff	libtiff	3.7.0
libtiff	libtiff	3.7.0
libtiff	libtiff	3.7.0
libtiff	libtiff	3.7.1
libtiff	libtiff	3.7.2
libtiff	libtiff	3.7.3
libtiff	libtiff	3.7.4
libtiff	libtiff	3.8.0
libtiff	libtiff	3.8.1
libtiff	libtiff	3.8.2
libtiff	libtiff	3.9
libtiff	libtiff	3.9.0
libtiff	libtiff	3.9.0
libtiff	libtiff	3.9.1
libtiff	libtiff	3.9.2
libtiff	libtiff	3.9.2-5.2.1
libtiff	libtiff	3.9.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C408BBA4-E24A-4062-AC42-9B86AA493776",
              "versionEndIncluding": "3.9.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCA5EEB8-9D2C-49A9-BB08-CE5017B79D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*",
              "matchCriteriaId": "A0FB4929-8937-458C-88F0-E0484F84F921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*",
              "matchCriteriaId": "10457960-162A-443D-91D0-2857DCEB5B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*",
              "matchCriteriaId": "157D32AA-0783-4316-A8AA-1F4063B31C9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*",
              "matchCriteriaId": "1C3379CF-499D-46CA-90DF-11F4CB7F4FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*",
              "matchCriteriaId": "52D44C48-E6DE-4E37-920F-7591771C7A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*",
              "matchCriteriaId": "08C0C0E9-6338-4320-BACF-B10939E53FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*",
              "matchCriteriaId": "C19CD7D3-036D-41E1-9E61-B274D079ACAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*",
              "matchCriteriaId": "1A8470B2-2D9F-4507-85CB-2702555F7146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*",
              "matchCriteriaId": "09FF2649-4998-479D-9FC5-9C749BA12E5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*",
              "matchCriteriaId": "F304C7D0-7CA3-42D4-AB9F-382AA418E781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "261FAE51-5207-4136-9FFE-2330A281266C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B32C83B9-F7DA-450A-A687-9A73734CD712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9485283A-B73E-4567-914A-42A86F5FFCB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95892168-0FB6-4E3F-9303-2F9B3CF60D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5021564-5E0A-4DDC-BC68-200B6050043E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "11C50750-FE1D-42BA-9125-7D8E872AA2DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*",
              "matchCriteriaId": "C92B050F-30C7-421B-8556-9CC1A6D457B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "19AA66E5-FDDD-4243-B945-DFEBDD25F258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "38D31C28-1DB2-454F-AF44-9898106FF5E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4DCCA926-3993-4CE2-A3CB-B9FE2A1991F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "E68FD79C-D26E-4B86-A22C-96FC60438EFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "1EC9867E-0FC3-4D93-8166-DA17ED88D199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*",
              "matchCriteriaId": "1397747F-8A50-47B3-8164-221650080F76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62F359CD-5DC4-4919-B8E1-95BDDBD27EFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "65173C5E-B3D8-4428-8600-C3B34E3BB789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "0E99997F-033C-42FE-BCE8-CAC329DAFFAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C8C550-3313-4266-B4B3-E9E9047CFE04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABEEBA7B-81D5-4148-912B-9AD448BBE741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "1663754A-2AF4-46BC-9196-E29D8C019892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "566C6E9C-318C-4C1E-86A8-429615215EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "22987AEF-ADA2-4D60-8C02-AFE6CD9A930B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "448555FE-8E91-4EA7-BA05-6915F5508319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA0A79A-0591-4AC0-A2D1-40C34FA75B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C8C1070-4A65-41A3-AD01-F12626042CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CD3B7F-24C5-49F4-93D2-CA43FF284907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BC5E2C-B6A6-4999-A1EA-B91DA5C350C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2850FD9-8BE8-410E-8A24-28549DAACEB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A24DC5-2DF5-4CA2-A0CD-BE0650CA6F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A01676-7D0B-4F92-A874-28ACDB728A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D0901DF-4C9A-46A6-A5F9-6CFC945B39AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "057A1E58-0D95-4EA6-88B1-B05136E03770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67179D4-2714-42FE-8115-19DBC5D1E3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABA6B36E-B99E-4F3A-BD19-C1525A4479D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F123A4-81BC-4A69-85AC-7228AAC2C993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D83405B-B94F-4631-9B1A-00131797B936",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Error de signo de entero en la funci\u00f3n TIFFReadDirectory en tif_dirread.c en libtiff v3.9.4 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una profundidad en una imagen TIFF, lo que provoca una inadecuada conversi\u00f3n entre los tipos de signo y sin signo, dando lugar a un desbordamiento de b\u00fafer basado en memoria din\u00e1mica."
    }
  ],
  "id": "CVE-2012-2088",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-22T17:55:01.210",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1054.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49686"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50726"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT6162"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT6163"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/54270"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=832864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/15083566"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1054.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT6162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT6163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=832864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/15083566"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-2088 (GCVE-0-2012-2088)

Vulnerability from cvelistv5

Published

2012-07-22 17:00