Lucene search

[email protected]CVE-2009-2285

HistoryJul 01, 2009 - 1:00 p.m.

CVE-2009-2285

2009-07-0113:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-2285

buffer underflow

lzwdecodecompat

libtiff 3.8.2

denial of service

tiff image

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

64.7%

JSON

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

CPENameOperatorVersion
libtiff:libtifflibtiffeq3.8.2

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	eq	3.8.2

References

bugzilla.maptools.org/show_bug.cgi?id=2065

lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

lists.apple.com/archives/security-announce/2010//Mar/msg00003.html

lists.apple.com/archives/security-announce/2010/Feb/msg00000.html

lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

secunia.com/advisories/35695

secunia.com/advisories/35716

secunia.com/advisories/35866

secunia.com/advisories/35883

secunia.com/advisories/35912

secunia.com/advisories/36194

secunia.com/advisories/36831

secunia.com/advisories/38241

secunia.com/advisories/39135

security.gentoo.org/glsa/glsa-200908-03.xml

sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1

support.apple.com/kb/HT3937

support.apple.com/kb/HT4004

support.apple.com/kb/HT4013

support.apple.com/kb/HT4070

support.apple.com/kb/HT4105

www.debian.org/security/2009/dsa-1835

www.lan.st/showthread.php?t=1856&page=3

www.openwall.com/lists/oss-security/2009/06/22/1

www.openwall.com/lists/oss-security/2009/06/23/1

www.openwall.com/lists/oss-security/2009/06/29/5

www.redhat.com/support/errata/RHSA-2009-1159.html

www.vupen.com/english/advisories/2009/1637

www.vupen.com/english/advisories/2009/2727

www.vupen.com/english/advisories/2009/3184

www.vupen.com/english/advisories/2010/0173

bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049

usn.ubuntu.com/797-1/

www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

64.7%

JSON

Related for CVE-2009-2285

prion2 fedora10 openvas85 ubuntucve2 debiancve2 nessus63 ubuntu2 veracode2 oraclelinux4 osv1 redhat4 securityvulns5 centos5 gentoo2 debian2 threatpost2 altlinux2 cve1 seebug1 vmware2