Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:11812
HistoryJul 14, 2009 - 12:00 a.m.

LibTIFF库tiff2rgba和rgb2ycbcr转换工具整数溢出漏洞

2009-07-1400:00:00
Root
www.seebug.org
21

0.007 Low

EPSS

Percentile

77.3%

JSON

BUGTRAQ ID: 35652
CVE(CAN) ID: CVE-2009-2347

LibTiff是负责对TIFF图象格式进行编码/解码的应用库。

libtiff软件把中捆绑了一些用于操控TIFF图形的工具集,其中tiff2rgba工具所使用的cvt_whole_image函数和 rgb2ycbcr工具所使用的tiffcvt函数没有正确地验证图形的宽度和高度,在使用宽度和高度值计算raster缓冲区大小时可能出现最终可导致堆溢出的整数溢出漏洞。如果用户受骗打开了畸形的TIFF图形就可以触发这个溢出,导致转换工具崩溃或执行任意代码。

LibTIFF LibTIFF 4.0
LibTIFF LibTIFF 3.9
LibTIFF LibTIFF 3.8.2
厂商补丁:

LibTIFF

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/

Related

prion 1
nessus 29
cve 1
openvas 47
altlinux 2
ubuntucve 1
veracode 1
freebsd 1
ubuntu 1
securityvulns 2
debiancve 1
gentoo 2
oraclelinux 1
osv 1
redhat 1
centos 1
debian 1
fedora 2
prion
prion
Integer overflow
2009-07-14 20:30:00
nessus
nessus
openSUSE Security Update : libtiff-devel (libtiff-devel-1176)
2009-08-20 00:00:00
SuSE 10 Security Update : libtiff (ZYPP Patch Number 6407)
2009-09-24 00:00:00
FreeBSD : tiff -- Multiple integer overflows (8816bf3a-7929-11df-bcce-0018f3e2eb82)
2010-06-17 00:00:00
cve
cve
CVE-2009-2347
2009-07-14 20:30:00
openvas
openvas
FreeBSD Ports: tiff
2010-07-06 00:00:00
SLES10: Security update for libtiff
2009-10-13 00:00:00
SLES9: Security update for libtiff
2009-10-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package libtiff version 3.8.2-alt5
2009-07-15 00:00:00
Security fix for the ALT Linux 10 package libtiff version 3.8.2-alt5
2009-07-15 00:00:00
ubuntucve
ubuntucve
CVE-2009-2347
2009-07-14 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:36:26
freebsd
freebsd
tiff -- Multiple integer overflows
2009-05-22 00:00:00
ubuntu
ubuntu
tiff vulnerability
2009-07-13 00:00:00
securityvulns
securityvulns
[oCERT-2009-012] libtiff tools integer overflows
2009-07-14 00:00:00
libtiff multiple security vulnerabilities
2009-07-14 00:00:00
debiancve
debiancve
CVE-2009-2347
2009-07-14 20:30:00
gentoo
gentoo
libTIFF: User-assisted execution of arbitrary code
2009-08-07 00:00:00
libTIFF: Multiple vulnerabilities
2012-09-23 00:00:00
oraclelinux
oraclelinux
libtiff security update
2009-07-16 00:00:00
osv
osv
tiff - several vulnerabilities
2009-07-15 00:00:00
redhat
redhat
(RHSA-2009:1159) Moderate: libtiff security update
2009-07-16 00:00:00
centos
centos
libtiff security update
2009-07-22 22:35:54
debian
debian
[SECURITY] [DSA 1835-1] New tiff packages fix several vulnerabilities
2009-07-15 19:20:19
fedora
fedora
[SECURITY] Fedora 10 Update: libtiff-3.8.2-14.fc10
2009-07-19 10:12:56
[SECURITY] Fedora 11 Update: libtiff-3.8.2-14.fc11
2009-07-19 10:30:18

0.007 Low

EPSS

Percentile

77.3%

JSON
Related for SSV:11812
prion1nessus29cve1openvas47altlinux2ubuntucve1veracode1freebsd1ubuntu1securityvulns2debiancve1gentoo2oraclelinux1osv1redhat1centos1debian1fedora2