what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2009-2347

Status Candidate

Overview

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

Related Files

Gentoo Linux Security Advisory 201209-02
Posted Sep 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-2 - Multiple vulnerabilities in libTIFF could result in execution of arbitrary code or Denial of Service. Versions less than 4.0.2-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2347, CVE-2009-5022, CVE-2010-1411, CVE-2010-2065, CVE-2010-2067, CVE-2010-2233, CVE-2010-2443, CVE-2010-2481, CVE-2010-2482, CVE-2010-2483, CVE-2010-2595, CVE-2010-2596, CVE-2010-2597, CVE-2010-2630, CVE-2010-2631, CVE-2010-3087, CVE-2010-4665, CVE-2011-0192, CVE-2011-0192, CVE-2011-1167, CVE-2011-1167, CVE-2012-1173, CVE-2012-2088, CVE-2012-2113, CVE-2012-3401
MD5 | b1e333c1e644cbcc9addafc4e21e030b
Mandriva Linux Security Advisory 2011-043
Posted Mar 8, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-043 - A buffer overflow was discovered in libtiff which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with CCITT Group 4 encoding.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-0192, CVE-2009-2347, CVE-2010-2065
MD5 | 49d062c22289205b5258adc04c124f6e
Mandriva Linux Security Advisory 2009-169
Posted Dec 4, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2285, CVE-2009-2347
MD5 | c3aa2058ad49c6e01c78cc679cf4e509
Gentoo Linux Security Advisory 200908-3
Posted Aug 7, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200908-03 - Multiple boundary checking vulnerabilities in libTIFF may allow for the remote execution of arbitrary code. Versions less than 3.8.2-r8 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2285, CVE-2009-2347
MD5 | 13a80046bb6e685e9277961f2fc6b5ce
Mandriva Linux Security Advisory 2009-169
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2285, CVE-2009-2347
MD5 | c2cb1be5bdb1f6cc552b4d556874cbf8
Debian Linux Security Advisory 1835-1
Posted Jul 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1835-1 - Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF).

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-2285, CVE-2009-2347
MD5 | dd1a0b2fba3b09d64fc647da4eb752fc
Ubuntu Security Notice 801-1
Posted Jul 13, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-801-1 - Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-2347
MD5 | d7dae23ae367916f0423437eb1b2dc98
Mandriva Linux Security Advisory 2009-150
Posted Jul 13, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-150 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2285, CVE-2009-2347
MD5 | 33b59999b058fe5c11bbed5224e53bc0
Open Source CERT Security Advisory 2009.12
Posted Jul 13, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

The libtiff image library tools suffer from integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The libtiff package ships a library, for reading and writing TIFF, as well as a small collection of tools for manipulating TIFF images. The cvt_whole_image function used in the tiff2rgba tool and the tiffcvt function used in the rgb2ycbcr tool do not properly validate the width and height of the image. Specific TIFF images with large width and height can be crafted to trigger the vulnerability.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2009-2347
MD5 | fcb3f51181cf6c6954e889e7098ad494
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close