Published: 28/10/2012 Updated: 13/02/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Heap-based buffer overflow in tif_pixarlog.c in LibTIFF prior to 4.0.3 allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff 3.4
libtiff libtiff 3.7.0
libtiff libtiff 4.0
libtiff libtiff 3.6.0
libtiff libtiff 3.6.1
libtiff libtiff 3.8.0
libtiff libtiff 3.7.3
libtiff libtiff 3.8.1
libtiff libtiff 3.9.5
libtiff libtiff 3.9.3
libtiff libtiff 3.5.7
libtiff libtiff 3.8.2
libtiff libtiff 3.7.2
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.5.3
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.2
libtiff libtiff 4.0.1
libtiff libtiff
libtiff libtiff 3.9.2
libtiff libtiff 3.7.4
libtiff libtiff 3.9.4
libtiff libtiff 3.5.5
libtiff libtiff 3.9.0
libtiff libtiff 3.5.6
libtiff libtiff 3.5.1
libtiff libtiff 3.9.1
libtiff libtiff 3.9

Synopsis Moderate: libtiff security update Type/Severity Security Advisory: Moderate Topic Updated libtiff packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulne ...

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...

Debian Bug report logs - #692345 tiff: CVE-2012-4564 Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 5 Nov 2012 08:36:01 UTC Severity: grave Tags: security Found in version 402-4 Fixed in versions tiff/402-5, tiff/394 ...

Debian Bug report logs - #688944 tiff: CVE-2012-4447 Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 27 Sep 2012 07:30:18 UTC Severity: grave Tags: security Fixed in versions tiff/402-3, tiff/394-5+squeeze6 Done: Jay Be ...

It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code For the stable distribution (squeeze), this problem has been fixed in version 394-5+squeeze6 For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in ver ...

A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application (C ...

CWE-119 http://www.openwall.com/lists/oss-security/2012/09/25/14 http://secunia.com/advisories/49938 https://bugzilla.redhat.com/show_bug.cgi?id=860198 http://www.debian.org/security/2012/dsa-2561 http://www.securityfocus.com/bid/55673 http://secunia.com/advisories/51049 http://www.openwall.com/lists/oss-security/2012/09/25/9 http://www.remotesensing.org/libtiff/v4.0.3.html http://www.ubuntu.com/usn/USN-1631-1 http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html http://rhn.redhat.com/errata/RHSA-2012-1590.html https://access.redhat.com/errata/RHSA-2012:1590 https://usn.ubuntu.com/1631-1/https://nvd.nist.gov

CVE-2012-4447

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect