Lucene search

[email protected]NVD:CVE-2009-5022

HistoryMay 03, 2011 - 8:55 p.m.

CVE-2009-5022

2011-05-0320:55:04

CWE-119

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.268 Low

EPSS

Percentile

96.8%

JSON

Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.

Affected configurations

NVD

Node

libtifflibtiffRange≤3.9.4

libtifflibtiffMatch3.4

libtifflibtiffMatch3.4beta18

libtifflibtiffMatch3.4beta24

libtifflibtiffMatch3.4beta28

libtifflibtiffMatch3.4beta29

libtifflibtiffMatch3.4beta31

libtifflibtiffMatch3.4beta32

libtifflibtiffMatch3.4beta34

libtifflibtiffMatch3.4beta35

libtifflibtiffMatch3.4beta36

libtifflibtiffMatch3.4beta37

libtifflibtiffMatch3.5.1

libtifflibtiffMatch3.5.2

libtifflibtiffMatch3.5.3

libtifflibtiffMatch3.5.4

libtifflibtiffMatch3.5.5

libtifflibtiffMatch3.5.6

libtifflibtiffMatch3.5.6beta

libtifflibtiffMatch3.5.7

libtifflibtiffMatch3.5.7alpha

libtifflibtiffMatch3.5.7alpha2

libtifflibtiffMatch3.5.7alpha3

libtifflibtiffMatch3.5.7alpha4

libtifflibtiffMatch3.5.7beta

libtifflibtiffMatch3.6.0

libtifflibtiffMatch3.6.0beta

libtifflibtiffMatch3.6.0beta2

libtifflibtiffMatch3.6.1

libtifflibtiffMatch3.7.0

libtifflibtiffMatch3.7.0alpha

libtifflibtiffMatch3.7.0beta

libtifflibtiffMatch3.7.0beta2

libtifflibtiffMatch3.7.1

libtifflibtiffMatch3.7.2

libtifflibtiffMatch3.7.3

libtifflibtiffMatch3.7.4

libtifflibtiffMatch3.8.0

libtifflibtiffMatch3.8.1

libtifflibtiffMatch3.8.2

libtifflibtiffMatch3.9

libtifflibtiffMatch3.9.0

libtifflibtiffMatch3.9.0beta

libtifflibtiffMatch3.9.1

libtifflibtiffMatch3.9.2

libtifflibtiffMatch3.9.2-5.2.1

libtifflibtiffMatch3.9.3

References

bugzilla.maptools.org/show_bug.cgi?id=1999

lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html

openwall.com/lists/oss-security/2011/04/12/10

secunia.com/advisories/44271

secunia.com/advisories/50726

security.gentoo.org/glsa/glsa-201209-02.xml

securitytracker.com/id?1025380

www.debian.org/security/2011/dsa-2256

www.mandriva.com/security/advisories?name=MDVSA-2011:078

www.redhat.com/support/errata/RHSA-2011-0452.html

www.remotesensing.org/libtiff/v3.9.5.html

www.securityfocus.com/bid/47338

www.ubuntu.com/usn/USN-1120-1

www.vupen.com/english/advisories/2011/1014

www.vupen.com/english/advisories/2011/1082

bugzilla.redhat.com/show_bug.cgi?id=695885

exchange.xforce.ibmcloud.com/vulnerabilities/66774

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.268 Low

EPSS

Percentile

96.8%

JSON

Related for NVD:CVE-2009-5022

nessus12 ubuntu1 debian1 ubuntucve1 cve1 openvas13 securityvulns2 oraclelinux1 cvelist1 debiancve1 prion1 redhat1 fedora2 gentoo1