Published: 14/07/2009 Updated: 10/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 up to and including 3.8.2, 3.9, and 4.0 allow context-dependent malicious users to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff 3.8.0
libtiff libtiff 3.8.1
libtiff libtiff 3.9
libtiff libtiff 4.0
libtiff libtiff 3.8.2

Synopsis Moderate: libtiff security update Type/Severity Security Advisory: Moderate Topic Updated libtiff packages that fix several security issues are now availablefor Red Hat Enterprise Linux 3, 4, and 5This update has been rated as having moderate security impact by the RedHat Security Response Team ...

Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program ...

Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF) The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service CVE-2009-2347 Andrea ...

CWE-189 http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/http://www.ocert.org/advisories/ocert-2009-012.html http://www.securityfocus.com/bid/35652 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347 http://bugzilla.maptools.org/show_bug.cgi?id=2079 http://www.mandriva.com/security/advisories?name=MDVSA-2009:150 http://secunia.com/advisories/35817 http://www.vupen.com/english/advisories/2009/1870 http://www.redhat.com/support/errata/RHSA-2009-1159.html http://www.ubuntu.com/usn/USN-801-1 http://secunia.com/advisories/35883 http://osvdb.org/55822 http://www.debian.org/security/2009/dsa-1835 http://secunia.com/advisories/35811 http://osvdb.org/55821 http://secunia.com/advisories/35866 http://www.securitytracker.com/id?1022539 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html http://security.gentoo.org/glsa/glsa-200908-03.xml http://secunia.com/advisories/36194 http://secunia.com/advisories/35911 http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 http://www.vupen.com/english/advisories/2011/0621 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/51688 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988 http://www.securityfocus.com/archive/1/504892/100/0/threaded https://access.redhat.com/errata/RHSA-2009:1159 https://usn.ubuntu.com/801-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-2347

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect