Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2012-5581

Published: 04/01/2013 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Libtiff

Vulnerability Summary

Stack-based buffer overflow in tif_dir.c in LibTIFF prior to 4.0.2 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.

Vulnerable Product Search on Vulmon Subscribe to Product

libtiff libtiff 3.4

libtiff libtiff 3.7.0

libtiff libtiff 4.0

libtiff libtiff 3.6.0

libtiff libtiff 3.6.1

libtiff libtiff 3.8.0

libtiff libtiff 3.7.3

libtiff libtiff 3.8.1

libtiff libtiff 3.9.5

libtiff libtiff 3.9.3

libtiff libtiff 3.5.7

libtiff libtiff 3.8.2

libtiff libtiff 3.7.2

libtiff libtiff

libtiff libtiff 3.9.2-5.2.1

libtiff libtiff 3.5.3

libtiff libtiff 3.7.1

libtiff libtiff 3.5.4

libtiff libtiff 3.5.2

libtiff libtiff 3.9.2

libtiff libtiff 3.7.4

libtiff libtiff 3.9.4

libtiff libtiff 3.5.5

libtiff libtiff 3.9.0

libtiff libtiff 3.5.6

libtiff libtiff 3.5.1

libtiff libtiff 3.9.1

libtiff libtiff 3.9

Vendor Advisories

Red Hat: Moderate: libtiff security update
Synopsis Moderate: libtiff security update Type/Severity Security Advisory: Moderate Topic Updated libtiff packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulne ...
Debian CVElist Bug Report Logs: tiff: CVE-2012-5581
Debian Bug report logs - #694693 tiff: CVE-2012-5581 Package: libtiff4; Maintainer for libtiff4 is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 29 Nov 2012 08:21:01 UTC Severity: grave Tags: security Found in version tiff3/396-9 Fixed in version tiff3/396-10 Done: Jay Berkenbilt <qjb@debi ...
Ubuntu Security Notice: tiff vulnerability
Programs that use LibTIFF could be made to crash or run programs if they opened a specially crafted file ...
Debian Security Advisories: DSA-2589-1 tiff -- buffer overflow
The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code For the stable distribution (squeeze), this problem has been fixed in version 394-5+squeeze8 For the testing distribution (wheezy) and the unstable dist ...
Amazon Linux AMI: ALAS-2012-147
A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application (C ...

References

CWE-119http://www.openwall.com/lists/oss-security/2012/11/28/1http://www.securityfocus.com/bid/56715http://www.ubuntu.com/usn/USN-1655-1https://bugzilla.redhat.com/show_bug.cgi?id=867235http://secunia.com/advisories/51491http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1590.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80339http://www.debian.org/security/2012/dsa-2589https://access.redhat.com/errata/RHSA-2012:1590https://usn.ubuntu.com/1655-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook