CVE-2009-2285

Related Files

Mandriva Linux Security Advisory 2009-169

Posted Dec 4, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service, overflow, vulnerability

systems | linux, mandriva

advisories | CVE-2009-2285, CVE-2009-2347

SHA-256 | 45d95127402793a3fd0da4d97ff4af68efb1a762e184604e26b562f4cf3e42a6

Download | Favorite | View

Gentoo Linux Security Advisory 200908-3

Posted Aug 7, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200908-03 - Multiple boundary checking vulnerabilities in libTIFF may allow for the remote execution of arbitrary code. Versions less than 3.8.2-r8 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2009-2285, CVE-2009-2347

SHA-256 | f7c68056e3b92a22ed1f5be10fff48a024de8701ef5c50cb4bc4d3177d05c354

Download | Favorite | View

Mandriva Linux Security Advisory 2009-169

Posted Jul 28, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability

systems | linux, mandriva

advisories | CVE-2009-2285, CVE-2009-2347

SHA-256 | 90aff0a5960233fb9cd84f73ebc463ce903c3508c40dd8edf5d93294d238679a

Download | Favorite | View

Debian Linux Security Advisory 1835-1

Posted Jul 16, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1835-1 - Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF).

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2009-2285, CVE-2009-2347

SHA-256 | 5169c0b4d9807452ec091dc33435bd5b563acc2795c454a89ecd296a597c2ac2

Download | Favorite | View

Mandriva Linux Security Advisory 2009-150

Posted Jul 13, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-150 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability

systems | linux, mandriva

advisories | CVE-2009-2285, CVE-2009-2347

SHA-256 | 10574ff24efb8275b0d6a98f173fd59b823216304e43547bd800fc89a9846c46

Download | Favorite | View

Ubuntu Security Notice 797-1

Posted Jul 6, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-797-1 - It was discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could cause an application linked against libtiff to crash, leading to a denial of service.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2009-2285

SHA-256 | 7a72370d5fd4910515c0a0d165701f1585e989a74655c1eb76451cd4ddb6b631

Download | Favorite | View