{"id": "EDB-ID:34279", "hash": "3b05ba2c300a4fb1889935915ce3466a", "type": "exploitdb", "bulletinFamily": "exploit", "title": "LibTIFF <= 3.9.4 - Unknown Tag Second Pass Processing Remote Denial of Service Vulnerability", "description": "LibTIFF 3.9.4 Unknown Tag Second Pass Processing Remote Denial of Service Vulnerability. CVE-2010-2631. Dos exploit for linux platform", "published": "2010-06-14T00:00:00", "modified": "2010-06-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/34279/", "reporter": "Tom Lane", "references": [], "cvelist": ["CVE-2010-2631"], "lastseen": "2016-02-03T20:51:18", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.2, "vector": "NONE", "modified": "2016-02-03T20:51:18"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-2631"]}, {"type": "gentoo", "idList": ["GLSA-201209-02"]}, {"type": "openvas", "idList": ["OPENVAS:72419", "OPENVAS:136141256231072419"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201209-02.NASL"]}], "modified": "2016-02-03T20:51:18"}, "vulnersScore": 5.2}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/34279/", "sourceData": "source: http://www.securityfocus.com/bid/41477/info\r\n\r\nLibTIFF is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input.\r\n\r\nAn attacker can exploit this issue to crash an application that uses the vulnerable library, denying service to legitimate users. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/34279.tif", "osvdbidlist": ["66090"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.", "modified": "2013-05-15T03:10:00", "id": "CVE-2010-2631", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2631", "published": "2010-07-06T17:17:00", "title": "CVE-2010-2631", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "description": "### Background\n\nlibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libTIFF 4.0 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-4.0.2-r1\"\n \n\nAll libTIFF 3.9 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/tiff-3.9.5-r2\"", "modified": "2014-06-02T00:00:00", "published": "2012-09-23T00:00:00", "id": "GLSA-201209-02", "href": "https://security.gentoo.org/glsa/201209-02", "type": "gentoo", "title": "libTIFF: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:51:20", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201209-02.", "modified": "2017-07-07T00:00:00", "published": "2012-09-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=72419", "id": "OPENVAS:72419", "title": "Gentoo Security Advisory GLSA 201209-02 (tiff)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in libTIFF could result in execution of\narbitrary code or Denial of Service.\";\ntag_solution = \"All libTIFF 4.0 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-4.0.2-r1'\n \n\nAll libTIFF 3.9 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-3.9.5-r2'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=307001\nhttp://bugs.gentoo.org/show_bug.cgi?id=324885\nhttp://bugs.gentoo.org/show_bug.cgi?id=357271\nhttp://bugs.gentoo.org/show_bug.cgi?id=359871\nhttp://bugs.gentoo.org/show_bug.cgi?id=371308\nhttp://bugs.gentoo.org/show_bug.cgi?id=410931\nhttp://bugs.gentoo.org/show_bug.cgi?id=422673\nhttp://bugs.gentoo.org/show_bug.cgi?id=427166\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201209-02.\";\n\n \n \nif(description)\n{\n script_id(72419);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2347\", \"CVE-2009-5022\", \"CVE-2010-1411\", \"CVE-2010-2065\", \"CVE-2010-2067\", \"CVE-2010-2233\", \"CVE-2010-2443\", \"CVE-2010-2481\", \"CVE-2010-2482\", \"CVE-2010-2483\", \"CVE-2010-2595\", \"CVE-2010-2596\", \"CVE-2010-2597\", \"CVE-2010-2630\", \"CVE-2010-2631\", \"CVE-2010-3087\", \"CVE-2010-4665\", \"CVE-2011-0192\", \"CVE-2011-1167\", \"CVE-2012-1173\", \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-3401\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-26 11:20:48 -0400 (Wed, 26 Sep 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201209-02 (tiff)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/tiff\", unaffected: make_list(\"ge 4.0.2-r1\", \"rge 3.9.5-r2\"), vulnerable: make_list(\"lt 4.0.2-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:53", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201209-02.", "modified": "2018-10-12T00:00:00", "published": "2012-09-26T00:00:00", "id": "OPENVAS:136141256231072419", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072419", "title": "Gentoo Security Advisory GLSA 201209-02 (tiff)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201209_02.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72419\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2347\", \"CVE-2009-5022\", \"CVE-2010-1411\", \"CVE-2010-2065\", \"CVE-2010-2067\", \"CVE-2010-2233\", \"CVE-2010-2443\", \"CVE-2010-2481\", \"CVE-2010-2482\", \"CVE-2010-2483\", \"CVE-2010-2595\", \"CVE-2010-2596\", \"CVE-2010-2597\", \"CVE-2010-2630\", \"CVE-2010-2631\", \"CVE-2010-3087\", \"CVE-2010-4665\", \"CVE-2011-0192\", \"CVE-2011-1167\", \"CVE-2012-1173\", \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-3401\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-26 11:20:48 -0400 (Wed, 26 Sep 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201209-02 (tiff)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in libTIFF could result in execution of\narbitrary code or Denial of Service.\");\n script_tag(name:\"solution\", value:\"All libTIFF 4.0 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-4.0.2-r1'\n\n\nAll libTIFF 3.9 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-3.9.5-r2'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-02\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=307001\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=324885\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=357271\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=359871\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=371308\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=410931\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=422673\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=427166\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201209-02.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/tiff\", unaffected: make_list(\"ge 4.0.2-r1\", \"rge 3.9.5-r2\"), vulnerable: make_list(\"lt 4.0.2-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-01T02:40:26", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201209-02\n(libTIFF: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libTIFF. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted TIFF\n file with an application making use of libTIFF, possibly resulting in\n execution of arbitrary code with the privileges of the user running the\n application or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201209-02.NASL", "href": "https://www.tenable.com/plugins/nessus/62235", "published": "2012-09-24T00:00:00", "title": "GLSA-201209-02 : libTIFF: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201209-02.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62235);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2009-2347\", \"CVE-2009-5022\", \"CVE-2010-1411\", \"CVE-2010-2065\", \"CVE-2010-2067\", \"CVE-2010-2233\", \"CVE-2010-2443\", \"CVE-2010-2481\", \"CVE-2010-2482\", \"CVE-2010-2483\", \"CVE-2010-2595\", \"CVE-2010-2596\", \"CVE-2010-2597\", \"CVE-2010-2630\", \"CVE-2010-2631\", \"CVE-2010-3087\", \"CVE-2010-4665\", \"CVE-2011-0192\", \"CVE-2011-1167\", \"CVE-2012-1173\", \"CVE-2012-2088\", \"CVE-2012-2113\", \"CVE-2012-3401\");\n script_xref(name:\"GLSA\", value:\"201209-02\");\n\n script_name(english:\"GLSA-201209-02 : libTIFF: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201209-02\n(libTIFF: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libTIFF. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted TIFF\n file with an application making use of libTIFF, possibly resulting in\n execution of arbitrary code with the privileges of the user running the\n application or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201209-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libTIFF 4.0 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-4.0.2-r1'\n All libTIFF 3.9 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-3.9.5-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/tiff\", unaffected:make_list(\"ge 4.0.2-r1\", \"rge 3.9.5-r2\", \"rge 3.9.7-r1\"), vulnerable:make_list(\"lt 4.0.2-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libTIFF\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}