
CVE-2009-2285

Published: 01/07/2009 Updated: 03/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent malicious users to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

Vulnerable Product

libtiff libtiff 3.8.2

Vendor Advisories

Synopsis: Moderate: libtiff security update. Type/Severity: Security Advisory: Moderate. Topic: Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team ...
It was discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could cause an application linked against libtiff to crash, leading to a denial of service ...
Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2285: It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. CVE-2009-2347: Andrea ...

Exploits

Bugtraq ID: 35451
Class: Boundary Condition Error
Published: Jun 21 2009 12:00AM
Updated: Nov 12 2009 06:46PM
Credit: wololo
Vulnerable: Ubuntu Ubuntu Linux 9.04 sparc, Ubuntu Ubuntu Linux 9.04 powerpc, Ubuntu Ubuntu Linux 9.04 lpia, Ubuntu Ubuntu Linux 9.04 i386, Ubuntu Ubuntu Linux 9.04 amd64, Ubuntu Ubuntu Linux 8.10 sparc, Ubuntu Ubuntu Linux 8.10 p ...

source: www.securityfocus.com/bid/35451/info LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed ex ...

References

CWE-119
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149
http://www.openwall.com/lists/oss-security/2009/06/29/5
http://www.openwall.com/lists/oss-security/2009/06/22/1
http://bugzilla.maptools.org/show_bug.cgi?id=2065
http://www.lan.st/showthread.php?t=1856&page=3
http://www.openwall.com/lists/oss-security/2009/06/23/1
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html
http://secunia.com/advisories/35883
http://secunia.com/advisories/35716
http://secunia.com/advisories/35695
http://www.debian.org/security/2009/dsa-1835
http://secunia.com/advisories/35866
http://www.redhat.com/support/errata/RHSA-2009-1159.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html
http://security.gentoo.org/glsa/glsa-200908-03.xml
http://secunia.com/advisories/35912
http://secunia.com/advisories/36194
http://secunia.com/advisories/36831
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1
http://support.apple.com/kb/HT3937
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://www.vupen.com/english/advisories/2009/3184
http://support.apple.com/kb/HT4004
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://www.vupen.com/english/advisories/2010/0173
http://secunia.com/advisories/38241
http://support.apple.com/kb/HT4013
http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html
http://www.vupen.com/english/advisories/2009/2727
http://www.vupen.com/english/advisories/2009/1637
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
http://support.apple.com/kb/HT4070
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
http://secunia.com/advisories/39135
http://support.apple.com/kb/HT4105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145
https://usn.ubuntu.com/797-1/
https://access.redhat.com/errata/RHSA-2009:1159
https://nvd.nist.gov
https://www.exploit-db.com/exploits/10205/