Vulnerabilities > CVE-2008-1586 - Resource Management Errors vulnerability in Apple Iphone OS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 | |
| OS | 14 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBTIFF-DEVEL-090205.NASL description specially crafted tiff images could lead to allocating large amounts of memory therefore crashing applications that process such files (CVE-2008-1586). last seen 2020-06-01 modified 2020-06-02 plugin id 40049 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40049 title openSUSE Security Update : libtiff-devel (libtiff-devel-507) NASL family SuSE Local Security Checks NASL id SUSE_11_1_LIBTIFF-DEVEL-090205.NASL description specially crafted tiff images could lead to allocating large amounts of memory therefore crashing applications that process such files (CVE-2008-1586). last seen 2020-06-01 modified 2020-06-02 plugin id 40270 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40270 title openSUSE Security Update : libtiff-devel (libtiff-devel-507) NASL family SuSE Local Security Checks NASL id SUSE_LIBTIFF-DEVEL-5988.NASL description specially crafted tiff images could lead to allocating large amounts of memory therefore crashing applications that process such files (CVE-2008-1586). last seen 2020-06-01 modified 2020-06-02 plugin id 35678 published 2009-02-13 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35678 title openSUSE 10 Security Update : libtiff-devel (libtiff-devel-5988)
Statements
| contributor | Joshua Bressers |
| lastmodified | 2009-01-19 |
| organization | Red Hat |
| statement | Red Hat does not consider this libTIFF bug to be a security issue. |
References
- http://www.securityfocus.com/bid/32394
- http://support.apple.com/kb/HT3318
- http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html
- http://osvdb.org/50023
- http://www.securitytracker.com/id?1021270
- http://secunia.com/advisories/32756
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://www.vupen.com/english/advisories/2008/3232