CVE-2011-1167
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.4 High
AI Score
Confidence
High
0.239 Low
EPSS
Percentile
96.6%
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
Affected configurations
References
blackberry.com/btsc/KB27244
bugzilla.maptools.org/show_bug.cgi?id=2300
lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
lists.apple.com/archives/security-announce/2012/May/msg00001.html
lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
secunia.com/advisories/43900
secunia.com/advisories/43934
secunia.com/advisories/43974
secunia.com/advisories/44117
secunia.com/advisories/44135
secunia.com/advisories/50726
security.gentoo.org/glsa/glsa-201209-02.xml
securityreason.com/securityalert/8165
slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
support.apple.com/kb/HT5130
support.apple.com/kb/HT5281
support.apple.com/kb/HT5503
ubuntu.com/usn/usn-1102-1
www.debian.org/security/2011/dsa-2210
www.mandriva.com/security/advisories?name=MDVSA-2011:064
www.osvdb.org/71256
www.redhat.com/support/errata/RHSA-2011-0392.html
www.securityfocus.com/archive/1/517101/100/0/threaded
www.securityfocus.com/bid/46951
www.securitytracker.com/id?1025257
www.vupen.com/english/advisories/2011/0795
www.vupen.com/english/advisories/2011/0845
www.vupen.com/english/advisories/2011/0859
www.vupen.com/english/advisories/2011/0860
www.vupen.com/english/advisories/2011/0905
www.vupen.com/english/advisories/2011/0930
www.vupen.com/english/advisories/2011/0960
www.zerodayinitiative.com/advisories/ZDI-11-107
bugzilla.redhat.com/show_bug.cgi?id=684939
exchange.xforce.ibmcloud.com/vulnerabilities/66247
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.4 High
AI Score
Confidence
High
0.239 Low
EPSS
Percentile
96.6%