Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2012-3401

Published: 13/08/2012 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Libtiff

Vulnerability Summary

The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and previous versions does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.

Vulnerable Product Search on Vulmon Subscribe to Product

libtiff libtiff 3.4

libtiff libtiff 3.7.0

libtiff libtiff 4.0

libtiff libtiff 3.6.0

libtiff libtiff 3.6.1

libtiff libtiff 3.8.0

libtiff libtiff 3.7.3

libtiff libtiff 3.8.1

libtiff libtiff 3.9.3

libtiff libtiff 3.5.7

libtiff libtiff 3.8.2

libtiff libtiff 3.7.2

libtiff libtiff 3.9.2-5.2.1

libtiff libtiff 3.5.3

libtiff libtiff 3.7.1

libtiff libtiff 3.5.4

libtiff libtiff 3.5.2

libtiff libtiff 4.0.1

libtiff libtiff

libtiff libtiff 3.9.2

libtiff libtiff 3.7.4

libtiff libtiff 3.9.4

libtiff libtiff 3.5.5

libtiff libtiff 3.9.0

libtiff libtiff 3.5.6

libtiff libtiff 3.5.1

libtiff libtiff 3.9.1

libtiff libtiff 3.9

Vendor Advisories

Red Hat: Moderate: libtiff security update
Synopsis Moderate: libtiff security update Type/Severity Security Advisory: Moderate Topic Updated libtiff packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulne ...
Ubuntu Security Notice: tiff vulnerability
tiff2pdf could be made to crash or run programs as your login if it opened a specially crafted file ...
Debian Security Advisories: DSA-2552-1 tiff -- several vulnerabilities
Several vulnerabilities were discovered in TIFF, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation These vulnerabilities can be exploited via a specially crafted TIFF image CVE-2012-2113 The tiff2pdf utility has an integer overflow error when parsing images CVE-2 ...
Debian CVElist Bug Report Logs: tiff: CVE-2012-4564
Debian Bug report logs - #692345 tiff: CVE-2012-4564 Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 5 Nov 2012 08:36:01 UTC Severity: grave Tags: security Found in version 402-4 Fixed in versions tiff/402-5, tiff/394 ...
Debian CVElist Bug Report Logs: tiff: CVE-2012-3401 heap overflow in tiff2pdf
Debian Bug report logs - #682115 tiff: CVE-2012-3401 heap overflow in tiff2pdf Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Marc Deslauriers <marcdeslauriers@ubuntucom> Date: Thu, 19 Jul 2012 14:57:01 UTC Severity: grave Tags: patch, security Found in version 402- ...
Debian CVElist Bug Report Logs: tiff: CVE-2012-4447
Debian Bug report logs - #688944 tiff: CVE-2012-4447 Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 27 Sep 2012 07:30:18 UTC Severity: grave Tags: security Fixed in versions tiff/402-3, tiff/394-5+squeeze6 Done: Jay Be ...
Debian CVElist Bug Report Logs: Two tiff issues: CVE-2012-2113 / CVE-2012-2088
Debian Bug report logs - #678140 Two tiff issues: CVE-2012-2113 / CVE-2012-2088 Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Tue, 19 Jun 2012 14:09:03 UTC Severity: grave Tags: security Found in version 394-5+sque ...
Amazon Linux AMI: ALAS-2012-147
A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application (C ...

References

CWE-119http://osvdb.org/84090http://www.openwall.com/lists/oss-security/2012/07/19/4http://secunia.com/advisories/50007http://secunia.com/advisories/49938http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830https://bugzilla.redhat.com/show_bug.cgi?id=837577http://www.openwall.com/lists/oss-security/2012/07/19/1https://bugzilla.redhat.com/attachment.cgi?id=596457http://www.ubuntu.com/usn/USN-1511-1http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.htmlhttp://www.debian.org/security/2012/dsa-2552http://www.securityfocus.com/bid/54601http://rhn.redhat.com/errata/RHSA-2012-1590.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:127http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/77088https://access.redhat.com/errata/RHSA-2012:1590https://usn.ubuntu.com/1511-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook