Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-4564
Last Modified: 07 Feb 2013 11:54:02
Published: 11 Nov 2012 08:00:58
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-4564

Summary

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

Vulnerable Systems

Application

  • Libtiff -


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=871700

XF - libtiff-ppm2tiff-bo(79750)

BID - 56372

OSVDB - 86878

MLIST - [oss-security] 20121102 Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file

MLIST - [oss-security] 20121102 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file

SECUNIA - 51133

UBUNTU - USN-1631-1

DEBIAN - DSA-2575

SUSE - openSUSE-SU-2013:0187

REDHAT - RHSA-2012:1590

Related Patches

Red Hat 2012:1590-01 RHSA Moderate: libtiff security update for RHEL 5 x86

Novell SUSE 2013:7216 libtiff-devel security update for SLE 11 SP2 i586

Novell SUSE 2013:7216 libtiff-devel security update for SLE 11 SP2 x86_64

Novell SUSE 2013:8419 libtiff security update for SLE 10 SP4 i586

Novell SUSE 2013:8419 libtiff security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:47:22