Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2012-2088
Last Modified 16 Mar 2014 12:24:20
Published 22 Jul 2012 01:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2088

Summary

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.

Vulnerable Systems

Application

  • Libtiff 3.4

  • Libtiff 3.5.1

  • Libtiff 3.5.2

  • Libtiff 3.5.3

  • Libtiff 3.5.4

  • Libtiff 3.5.5

  • Libtiff 3.5.6

  • Libtiff 3.5.7

  • Libtiff 3.6.0

  • Libtiff 3.6.1

  • Libtiff 3.7.0

  • Libtiff 3.7.1

  • Libtiff 3.7.2

  • Libtiff 3.7.3

  • Libtiff 3.7.4

  • Libtiff 3.8.0

  • Libtiff 3.8.1

  • Libtiff 3.8.2

  • Libtiff 3.9

  • Libtiff 3.9.0

  • Libtiff 3.9.1

  • Libtiff 3.9.2

  • Libtiff 3.9.2-5.2.1

  • Libtiff 3.9.3

  • Libtiff 3.9.4


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=832864

BID - 54270

SECUNIA - 49686

REDHAT - RHSA-2012:1054

SUSE - openSUSE-SU-2012:0829

MANDRIVA - MDVSA-2012:101

APPLE - APPLE-SA-2013-03-14-1

GENTOO - GLSA-201209-02

SECUNIA - 50726

CONFIRM - http://support.apple.com/kb/HT6163

CONFIRM - http://support.apple.com/kb/HT6162

Related Patches

Apple 2013-03-14 Mac OS X 10.8.3 Update (Rev 2)

Apple 2013-03-14 Mac OS X 10.8.3 Combo Update (Rev 3)

Apple 2013-03-14 Security Update 2013-001 Server (Lion)

Apple 2013-03-14 Security Update 2013-001 (Lion)

Apple 2013-03-14 Security Update 2013-001 (Snow Leopard)

Apple 2013-03-14 Security Update 2013-001 Server (Snow Leopard)

Red Hat 2012:1054-01 RHSA Important: libtiff security update for RHEL 5 x86

Red Hat 2012:1054-01 RHSA Important: libtiff security update for RHEL 5 x86_64

Novell SUSE 2012:6475 libtiff-devel security update for SLE 11 SP1 i586

Novell SUSE 2012:6475 libtiff-devel security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8199 libtiff security update for SLE 10 SP4 i586

Novell SUSE 2012:8199 libtiff security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:54:56