Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2012:0468
HistoryApr 10, 2012 - 9:10 p.m.

libtiff security update

2012-04-1021:10:32
CentOS Project
lists.centos.org
51

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.092 Low

EPSS

Percentile

94.6%

JSON

CentOS Errata and Security Advisory CESA-2012:0468

The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Two integer overflow flaws, leading to heap-based buffer overflows, were
found in the way libtiff attempted to allocate space for a tile in a TIFF
image file. An attacker could use these flaws to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173)

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. All running applications linked
against libtiff must be restarted for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2012-April/080722.html
https://lists.centos.org/pipermail/centos-announce/2012-April/080726.html

Affected packages:
libtiff
libtiff-devel
libtiff-static

Upstream details at:
https://access.redhat.com/errata/RHSA-2012:0468

Related

openvas 35
nessus 23
prion 1
altlinux 1
veracode 1
fedora 6
redhat 1
slackware 1
debiancve 1
securityvulns 8
amazon 1
cve 1
oraclelinux 1
debian 1
zdi 1
ubuntucve 2
f5 2
ubuntu 1
gentoo 1
openvas
openvas
Mandriva Update for libtiff MDVSA-2012:054 (libtiff)
2012-08-03 00:00:00
Fedora Update for libtiff FEDORA-2012-5463
2012-08-30 00:00:00
Fedora Update for libtiff FEDORA-2012-5410
2012-04-23 00:00:00
nessus
nessus
CentOS 5 / 6 : libtiff (CESA-2012:0468)
2012-04-11 00:00:00
Fedora 16 : libtiff-3.9.5-3.fc16 (2012-5410)
2012-04-23 00:00:00
openSUSE Security Update : tiff (openSUSE-SU-2012:0539-1)
2014-06-13 00:00:00
prion
prion
Integer overflow
2012-06-04 20:55:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 3.9.6-alt1
2012-04-08 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-10-04 04:47:21
fedora
fedora
[SECURITY] Fedora 16 Update: libtiff-3.9.5-3.fc16
2012-04-22 03:27:04
[SECURITY] Fedora 17 Update: libtiff-3.9.5-3.fc17
2012-04-12 02:24:24
[SECURITY] Fedora 15 Update: libtiff-3.9.5-3.fc15
2012-04-18 19:27:41
redhat
redhat
(RHSA-2012:0468) Important: libtiff security update
2012-04-10 00:00:00
slackware
slackware
[slackware-security] libtiff
2012-04-04 17:44:30
debiancve
debiancve
CVE-2012-1173
2012-06-04 20:55:00
securityvulns
securityvulns
[ MDVSA-2012:054 ] libtiff
2012-04-09 00:00:00
libtiff library integer overflow
2012-07-09 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-10-01 00:00:00
amazon
amazon
Important: libtiff
2012-04-30 14:43:00
cve
cve
CVE-2012-1173
2012-06-04 20:55:00
oraclelinux
oraclelinux
libtiff security update
2012-04-10 00:00:00
debian
debian
[SECURITY] [DSA 2447-1] tiff security update
2012-04-04 20:00:29
zdi
zdi
LibTIFF TileSize Parsing Remote Code Execution Vulnerability
2012-03-13 00:00:00
ubuntucve
ubuntucve
CVE-2012-1173
2012-04-04 00:00:00
CVE-2012-2113
2012-06-22 00:00:00
f5
f5
SOL15863 - Libtiff vulnerabilities CVE-2012-1173 and CVE-2012-2088
2014-11-25 00:00:00
K15863 : Libtiff vulnerabilities CVE-2012-1173 and CVE-2012-2088
2015-01-30 00:00:00
ubuntu
ubuntu
tiff vulnerabilities
2012-04-04 00:00:00
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2012-09-23 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.092 Low

EPSS

Percentile

94.6%

JSON
Related for CESA-2012:0468
openvas35nessus23prion1altlinux1veracode1fedora6redhat1slackware1debiancve1securityvulns8amazon1cve1oraclelinux1debian1zdi1ubuntucve2f52ubuntu1gentoo1