Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-4447
Last Modified 07 Feb 2013 11:53:49
Published 28 Oct 2012 11:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4447

Summary

Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.

Vulnerable Systems

Application

  • Libtiff 3.4

  • Libtiff 3.5.1

  • Libtiff 3.5.2

  • Libtiff 3.5.3

  • Libtiff 3.5.4

  • Libtiff 3.5.5

  • Libtiff 3.5.6

  • Libtiff 3.5.7

  • Libtiff 3.6.0

  • Libtiff 3.6.1

  • Libtiff 3.7.0

  • Libtiff 3.7.1

  • Libtiff 3.7.2

  • Libtiff 3.7.3

  • Libtiff 3.7.4

  • Libtiff 3.8.0

  • Libtiff 3.8.1

  • Libtiff 3.8.2

  • Libtiff 3.9

  • Libtiff 3.9.0

  • Libtiff 3.9.1

  • Libtiff 3.9.2

  • Libtiff 3.9.2-5.2.1

  • Libtiff 3.9.3

  • Libtiff 3.9.4

  • Libtiff 3.9.5

  • Libtiff 4.0

  • Libtiff 4.0.1

  • Libtiff 4.0.2


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=860198

BID - 55673

MISC - http://www.remotesensing.org/libtiff/v4.0.3.html

MLIST - [oss-security] 20120925 CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression

MLIST - [oss-security] 20120925 Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression

DEBIAN - DSA-2561

SECUNIA - 51049

SECUNIA - 49938

UBUNTU - USN-1631-1

SUSE - openSUSE-SU-2013:0187

REDHAT - RHSA-2012:1590

Related Patches

Red Hat 2012:1590-01 RHSA Moderate: libtiff security update for RHEL 5 x86

Novell SUSE 2013:7216 libtiff-devel security update for SLE 11 SP2 i586

Novell SUSE 2013:7216 libtiff-devel security update for SLE 11 SP2 x86_64

Novell SUSE 2013:8419 libtiff security update for SLE 10 SP4 i586

Novell SUSE 2013:8419 libtiff security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:38