exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

CVE-2012-4447

Status Candidate

Overview

Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.

Related Files

Gentoo Linux Security Advisory 201402-21
Posted Feb 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-21 - Multiple vulnerabilities have been found in libTIFF, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 4.0.3-r6 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4447, CVE-2012-4564, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4244
MD5 | ab18423357c61451848c2603309ef271
Slackware Security Advisory - libtiff Updates
Posted Oct 21, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libtiff packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2012-2088,CVE-2012-2113,CVE-2012-4447,CVE-2012-4564,CVE-2013-1960,CVE-2013-1961,CVE-2013-4231,CVE-2013-4232,CVE-2013-4244.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-2088, CVE-2012-2113, CVE-2012-4447, CVE-2012-4564, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4244
MD5 | 9f6d55b9455a7303868fd8ac01827f9a
Mandriva Linux Security Advisory 2013-046
Posted Apr 5, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-046 - libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code. ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2088, CVE-2012-2113, CVE-2012-3401, CVE-2012-4447, CVE-2012-4564, CVE-2012-5581
MD5 | dc2244f1bbe90f13413c2bf8eb108ebc
Red Hat Security Advisory 2012-1590-01
Posted Dec 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1590-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-3401, CVE-2012-4447, CVE-2012-4564, CVE-2012-5581
MD5 | d3762786b7f703b144e4328bbe0acb69
Mandriva Linux Security Advisory 2012-174
Posted Nov 22, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-174 - Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4447, CVE-2012-4564
MD5 | 4f1d205e812a3e6ccf8462eed46afc35
Ubuntu Security Notice USN-1631-1
Posted Nov 16, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1631-1 - It was discovered that LibTIFF incorrectly handled certain malformed images using the PixarLog compression format. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Huzaifa S. Sidhpurwala discovered that the ppm2tiff tool incorrectly handled certain malformed PPM images. If a user or automated system were tricked into opening a specially crafted PPM image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4447, CVE-2012-4564, CVE-2012-4447, CVE-2012-4564
MD5 | 815e41272ec359785f7c0fac02cea1ae
Debian Security Advisory 2561-1
Posted Oct 22, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2561-1 - It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-4447
MD5 | f0d06757cfa6ad757896f104d0297f25
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    24 Files
  • 28
    Jan 28th
    14 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close