Lucene search

K

[email protected]NVD:CVE-2012-2088

HistoryJul 22, 2012 - 5:55 p.m.

CVE-2012-2088

2012-07-2217:55:01

CWE-189

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.07 Low

EPSS

Percentile

94.0%

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.

Affected configurations

NVD

Node

libtifflibtiffRange≤3.9.4

OR

libtifflibtiffMatch3.4

OR

libtifflibtiffMatch3.4beta18

OR

libtifflibtiffMatch3.4beta24

OR

libtifflibtiffMatch3.4beta28

OR

libtifflibtiffMatch3.4beta29

OR

libtifflibtiffMatch3.4beta31

OR

libtifflibtiffMatch3.4beta32

OR

libtifflibtiffMatch3.4beta34

OR

libtifflibtiffMatch3.4beta35

OR

libtifflibtiffMatch3.4beta36

OR

libtifflibtiffMatch3.4beta37

OR

libtifflibtiffMatch3.5.1

OR

libtifflibtiffMatch3.5.2

OR

libtifflibtiffMatch3.5.3

OR

libtifflibtiffMatch3.5.4

OR

libtifflibtiffMatch3.5.5

OR

libtifflibtiffMatch3.5.6

OR

libtifflibtiffMatch3.5.6beta

OR

libtifflibtiffMatch3.5.7

OR

libtifflibtiffMatch3.5.7alpha

OR

libtifflibtiffMatch3.5.7alpha2

OR

libtifflibtiffMatch3.5.7alpha3

OR

libtifflibtiffMatch3.5.7alpha4

OR

libtifflibtiffMatch3.5.7beta

OR

libtifflibtiffMatch3.6.0

OR

libtifflibtiffMatch3.6.0beta

OR

libtifflibtiffMatch3.6.0beta2

OR

libtifflibtiffMatch3.6.1

OR

libtifflibtiffMatch3.7.0

OR

libtifflibtiffMatch3.7.0alpha

OR

libtifflibtiffMatch3.7.0beta

OR

libtifflibtiffMatch3.7.0beta2

OR

libtifflibtiffMatch3.7.1

OR

libtifflibtiffMatch3.7.2

OR

libtifflibtiffMatch3.7.3

OR

libtifflibtiffMatch3.7.4

OR

libtifflibtiffMatch3.8.0

OR

libtifflibtiffMatch3.8.1

OR

libtifflibtiffMatch3.8.2

OR

libtifflibtiffMatch3.9

OR

libtifflibtiffMatch3.9.0

OR

libtifflibtiffMatch3.9.0beta

OR

libtifflibtiffMatch3.9.1

OR

libtifflibtiffMatch3.9.2

OR

libtifflibtiffMatch3.9.2-5.2.1

OR

libtifflibtiffMatch3.9.3

References

lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html

rhn.redhat.com/errata/RHSA-2012-1054.html

secunia.com/advisories/49686

secunia.com/advisories/50726

security.gentoo.org/glsa/glsa-201209-02.xml

support.apple.com/kb/HT6162

support.apple.com/kb/HT6163

www.mandriva.com/security/advisories?name=MDVSA-2012:101

www.securityfocus.com/bid/54270

bugzilla.redhat.com/show_bug.cgi?id=832864

hermes.opensuse.org/messages/15083566

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.07 Low

EPSS

Percentile

94.0%

Related for NVD:CVE-2012-2088

ubuntucve1 prion1 debiancve1 cvelist1 cve1 veracode2 openvas32 nessus24 amazon1 f52 ubuntu1 securityvulns7 suse1 centos1 oraclelinux1 fedora7 redhat1 altlinux1 osv1 slackware1 gentoo1