Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24438

HistoryApr 10, 2020 - 12:54 a.m.

Arbitrary Code Execution

2020-04-1000:54:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

libtiff is vulnerable to arbitrary code execution. The vulnerability exists as a heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code.

CPENameOperatorVersion
libtiffeq3.6.1__17.el4
libtiffeq3.6.1__12.el4_7.2
libtiffeq3.6.1__12.el4_8.5
libtiffeq3.6.1__12.el4_8.4
libtiffeq3.6.1__17.el4
libtiffeq3.6.1__12.el4_7.2
libtiffeq3.6.1__12.el4_8.5
libtiffeq3.6.1__12.el4_8.4

References

blackberry.com/btsc/KB27244

bugzilla.maptools.org/show_bug.cgi?id=2300

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

secunia.com/advisories/43900

secunia.com/advisories/43934

secunia.com/advisories/43974

secunia.com/advisories/44117

secunia.com/advisories/44135

secunia.com/advisories/50726

security.gentoo.org/glsa/glsa-201209-02.xml

securityreason.com/securityalert/8165

slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820

support.apple.com/kb/HT5130

support.apple.com/kb/HT5281

support.apple.com/kb/HT5503

ubuntu.com/usn/usn-1102-1

www.debian.org/security/2011/dsa-2210

www.mandriva.com/security/advisories?name=MDVSA-2011:064

www.osvdb.org/71256

www.redhat.com/support/errata/RHSA-2011-0392.html

www.securityfocus.com/archive/1/517101/100/0/threaded

www.securityfocus.com/bid/46951

www.securitytracker.com/id?1025257

www.vupen.com/english/advisories/2011/0795

www.vupen.com/english/advisories/2011/0845

www.vupen.com/english/advisories/2011/0859

www.vupen.com/english/advisories/2011/0860

www.vupen.com/english/advisories/2011/0905

www.vupen.com/english/advisories/2011/0930

www.vupen.com/english/advisories/2011/0960

www.zerodayinitiative.com/advisories/ZDI-11-107

access.redhat.com/errata/RHSA-2011:0392

access.redhat.com/security/cve/CVE-2011-1167

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=684939

exchange.xforce.ibmcloud.com/vulnerabilities/66247

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

Related for VERACODE:24438

nessus29 altlinux3 openvas33 fedora7 zdi1 debiancve1 securityvulns9 centos1 prion1 ubuntucve1 cvelist1 cve1 ubuntu1 redhat1 slackware1 oraclelinux1 debian3 osv1 gentoo1