Vulnerabilities > CVE-2009-2285 - Buffer Errors vulnerability in Libtiff 3.8.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description LibTIFF 3.8.2 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability. CVE-2009-2285. Dos exploit for linux platform id EDB-ID:33049 last seen 2016-02-03 modified 2009-05-21 published 2009-05-21 reporter wololo source https://www.exploit-db.com/download/33049/ title LibTIFF 3.8.2 - 'LZWDecodeCompat' Remote Buffer Underflow Vulnerability description LibTIFF - 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability. CVE-2009-2285. Dos exploits for multiple platform id EDB-ID:10205 last seen 2016-02-01 modified 2009-11-12 published 2009-11-12 reporter wololo source https://www.exploit-db.com/download/10205/ title LibTIFF - 'LZWDecodeCompat' Remote Buffer Underflow Vulnerability
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1835.NASL description Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. - CVE-2009-2347 Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools. last seen 2020-06-01 modified 2020-06-02 plugin id 44700 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44700 title Debian DSA-1835-1 : tiff - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1835. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(44700); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2009-2285", "CVE-2009-2347"); script_bugtraq_id(35451, 35652); script_xref(name:"DSA", value:"1835"); script_name(english:"Debian DSA-1835-1 : tiff - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. - CVE-2009-2347 Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534137" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-2285" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-2347" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1835" ); script_set_attribute( attribute:"solution", value: "Upgrade the tiff packages. For the old stable distribution (etch), these problems have been fixed in version 3.8.2-7+etch3. For the stable distribution (lenny), these problems have been fixed in version 3.8.2-11.2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libtiff-opengl", reference:"3.8.2-7+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libtiff-tools", reference:"3.8.2-7+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libtiff4", reference:"3.8.2-7+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libtiff4-dev", reference:"3.8.2-7+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libtiffxx0c2", reference:"3.8.2-7+etch3")) flag++; if (deb_check(release:"5.0", prefix:"libtiff-doc", reference:"3.8.2-11.2")) flag++; if (deb_check(release:"5.0", prefix:"libtiff-opengl", reference:"3.8.2-11.2")) flag++; if (deb_check(release:"5.0", prefix:"libtiff-tools", reference:"3.8.2-11.2")) flag++; if (deb_check(release:"5.0", prefix:"libtiff4", reference:"3.8.2-11.2")) flag++; if (deb_check(release:"5.0", prefix:"libtiff4-dev", reference:"3.8.2-11.2")) flag++; if (deb_check(release:"5.0", prefix:"libtiffxx0c2", reference:"3.8.2-11.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2009-7417.NASL description Fixes latest libtiff LZW decoding crash problem Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39613 published 2009-07-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39613 title Fedora 11 : libtiff-3.8.2-13.fc11 (2009-7417) NASL family Solaris Local Security Checks NASL id SOLARIS10_119900.NASL description GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 119900 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22959 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22959 title Solaris 10 (sparc) : 119900-18 (deprecated) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1159.NASL description Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 39850 published 2009-07-17 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39850 title RHEL 3 / 4 / 5 : libtiff (RHSA-2009:1159) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119901-16.NASL description GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Jun/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107852 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107852 title Solaris 10 (x86) : 119901-16 NASL family Fedora Local Security Checks NASL id FEDORA_2009-7335.NASL description Fixes latest libtiff LZW decoding crash problem Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39604 published 2009-07-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39604 title Fedora 9 : libtiff-3.8.2-13.fc9 (2009-7335) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2010-001.NASL description The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2010-001 applied. This security update contains fixes for the following products : - CoreAudio - CUPS - Flash Player plug-in - ImageIO - Image RAW - OpenSSL last seen 2020-06-01 modified 2020-06-02 plugin id 44095 published 2010-01-20 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44095 title Mac OS X Multiple Vulnerabilities (Security Update 2010-001) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119901-17.NASL description GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Sep/15/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107853 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107853 title Solaris 10 (x86) : 119901-17 NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2009-0027.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix buffer overrun risks caused by unchecked integer overflow (CVE-2009-2347) Resolves: #507725 - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Resolves: #507725 - Update upstream URL - Use -fno-strict-aliasing per rpmdiff recommendation - Fix LZW decoding vulnerabilities (CVE-2008-2327) Resolves: #458812 - Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don last seen 2020-06-01 modified 2020-06-02 plugin id 79467 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79467 title OracleVM 2.1 : libtiff (OVMSA-2009-0027) NASL family Windows NASL id SAFARI_4_0_5.NASL description The version of Safari installed on the remote Windows host is earlier than 4.0.5. It thus is potentially affected by several issues : - A buffer underflow in ImageIO last seen 2020-06-01 modified 2020-06-02 plugin id 45045 published 2010-03-11 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45045 title Safari < 4.0.5 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_LIBTIFF3-090703.NASL description This update of libtiff fixes a buffer underflow in LZWDecodeCompat. (CVE-2009-2285) last seen 2020-06-01 modified 2020-06-02 plugin id 41431 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41431 title SuSE 11 Security Update : libtiff3 (SAT Patch Number 1069) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1159.NASL description Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 40344 published 2009-07-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40344 title CentOS 3 / 5 : libtiff (CESA-2009:1159) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119901.NASL description GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 119901 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22992 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22992 title Solaris 10 (x86) : 119901-17 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBTIFF3-090703.NASL description This update of libtiff fixes a buffer underflow in LZWDecodeCompat (CVE-2009-2285). last seen 2020-06-01 modified 2020-06-02 plugin id 40499 published 2009-08-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40499 title openSUSE Security Update : libtiff3 (libtiff3-1071) NASL family Fedora Local Security Checks NASL id FEDORA_2009-7717.NASL description - update upstream URL - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Bugzilla: #511015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39857 published 2009-07-20 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39857 title Fedora 10 : mingw32-libtiff-3.8.2-17.fc10 (2009-7717) NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_2.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42434 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42434 title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20090728_LIBTIFF_FOR_SL3_0_X.NASL description CVE-2009-2285 libtiff: LZWDecodeCompat underflow CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 60623 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60623 title Scientific Linux Security Update : libtiff for SL3.0.x, SL 4.x, SL 5.x on i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_LIBTIFF3-6340.NASL description This update of libtiff fixes a buffer underflow in LZWDecodeCompat (CVE-2009-2285). last seen 2020-06-01 modified 2020-06-02 plugin id 42019 published 2009-10-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42019 title openSUSE 10 Security Update : libtiff3 (libtiff3-6340) NASL family Fedora Local Security Checks NASL id FEDORA_2009-7763.NASL description The remote Fedora host is missing one or more security updates : compat-wxGTK26-2.6.4-10.fc10 : Added rediffed fix for CVE-2009-2369 as found in wxGTK 2.8.10 mingw32-libtiff-3.8.2-17.fc11 : - update upstream URL - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39863 published 2009-07-20 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39863 title Fedora 10 : compat-wxGTK26-2.6.4-10.fc10 / Fedora 11 : mingw32-libtiff-3.8.2-17.fc11 (2009-7763) NASL family Solaris Local Security Checks NASL id SOLARIS10_119900-18.NASL description GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Sep/15/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107350 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107350 title Solaris 10 (sparc) : 119900-18 NASL family MacOS X Local Security Checks NASL id MACOSX_PICASA_3_9_14_34.NASL description The installed version of Google Picasa is earlier than 3.9 Build 3.9.14.34. As such, it is affected by the following vulnerabilities: - A buffer underflow vulnerability exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 65926 published 2013-04-11 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65926 title Google Picasa < 3.9 Build 3.9.14.34 Multiple Vulnerabilities (Mac OS X) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-169.NASL description Multiple vulnerabilities has been found and corrected in libtiff : Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers last seen 2020-06-01 modified 2020-06-02 plugin id 42991 published 2009-12-04 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42991 title Mandriva Linux Security Advisory : libtiff (MDVSA-2009:169-1) NASL family Windows NASL id ITUNES_9_1.NASL description The version of Apple iTunes installed on the remote Windows host is older than 9.1. Such versions may be affected by multiple vulnerabilities : - A buffer underflow in ImageIO last seen 2020-06-01 modified 2020-06-02 plugin id 45390 published 2010-03-31 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45390 title Apple iTunes < 9.1 Multiple Vulnerabilities (credentialed check) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1159.NASL description From Red Hat Security Advisory 2009:1159 : Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 67892 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67892 title Oracle Linux 3 / 4 / 5 : libtiff (ELSA-2009-1159) NASL family SuSE Local Security Checks NASL id SUSE_LIBTIFF-6337.NASL description This update of libtiff fixes a buffer underflow in LZWDecodeCompat. (CVE-2009-2285) last seen 2020-06-01 modified 2020-06-02 plugin id 41552 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41552 title SuSE 10 Security Update : libtiff (ZYPP Patch Number 6337) NASL family Fedora Local Security Checks NASL id FEDORA_2009-7358.NASL description Fixes latest libtiff LZW decoding crash problem Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39607 published 2009-07-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39607 title Fedora 10 : libtiff-3.8.2-13.fc10 (2009-7358) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119901-15.NASL description GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Nov/10/12 last seen 2020-06-01 modified 2020-06-02 plugin id 107851 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107851 title Solaris 10 (x86) : 119901-15 NASL family SuSE Local Security Checks NASL id SUSE_11_1_LIBTIFF3-090703.NASL description This update of libtiff fixes a buffer underflow in LZWDecodeCompat (CVE-2009-2285). last seen 2020-06-01 modified 2020-06-02 plugin id 40500 published 2009-08-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40500 title openSUSE Security Update : libtiff3 (libtiff3-1071) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-150.NASL description Multiple vulnerabilities has been found and corrected in libtiff : Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 39849 published 2009-07-14 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39849 title Mandriva Linux Security Advisory : libtiff (MDVSA-2009:150) NASL family Solaris Local Security Checks NASL id SOLARIS10_119900-16.NASL description GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Nov/10/12 last seen 2020-06-01 modified 2020-06-02 plugin id 107348 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107348 title Solaris 10 (sparc) : 119900-16 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-797-1.NASL description It was discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could cause an application linked against libtiff to crash, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39620 published 2009-07-07 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39620 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : tiff vulnerability (USN-797-1) NASL family Solaris Local Security Checks NASL id SOLARIS10_119900-17.NASL description GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Jun/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107349 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107349 title Solaris 10 (sparc) : 119900-17 NASL family SuSE Local Security Checks NASL id SUSE9_12448.NASL description This update of libtiff fixes a buffer underflow in LZWDecodeCompat. (CVE-2009-2285) last seen 2020-06-01 modified 2020-06-02 plugin id 41311 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41311 title SuSE9 Security Update : libtiff (YOU Patch Number 12448) NASL family Peer-To-Peer File Sharing NASL id ITUNES_9_1_BANNER.NASL description The version of Apple iTunes on the remote host is prior to version 9.1. It is, therefore, affected by multiple vulnerabilities : - A buffer underflow in ImageIO last seen 2020-06-01 modified 2020-06-02 plugin id 45391 published 2010-03-31 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45391 title Apple iTunes < 9.1 Multiple Vulnerabilities (uncredentialed check) NASL family Windows NASL id GOOGLE_PICASA_3_9_136_17.NASL description The version of Google Picasa running on the remote host is earlier than 3.9 Build 136.17. As such, it is affected by the following vulnerabilities: - A buffer underflow vulnerability exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 65925 published 2013-04-11 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65925 title Google Picasa < 3.9 Build 136.17 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200908-03.NASL description The remote host is affected by the vulnerability described in GLSA-200908-03 (libTIFF: User-assisted execution of arbitrary code) Two vulnerabilities have been reported in libTIFF: wololo reported a buffer underflow in the LZWDecodeCompat() function (CVE-2009-2285). Tielei Wang of ICST-ERCIS, Peking University reported two integer overflows leading to heap-based buffer overflows in the tiff2rgba and rgb2ycbcr tools (CVE-2009-2347). Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF or the tiff2rgba and rgb2ycbcr tools, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 40519 published 2009-08-10 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40519 title GLSA-200908-03 : libTIFF: User-assisted execution of arbitrary code
Oval
accepted 2013-04-29T04:02:13.355-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. family unix id oval:org.mitre.oval:def:10145 status accepted submitted 2010-07-09T03:56:16-04:00 title Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. version 27 accepted 2015-06-22T04:00:47.854-04:00 class vulnerability contributors name J. Daniel Brown organization DTCC name Scott Quint organization Quintechssential name Shane Shaffer organization G2, Inc. name Pooja Shetty organization SecPod Technologies name Maria Kedovskaya organization ALTX-SOFT name Shane Shaffer organization G2, Inc. name Maria Kedovskaya organization ALTX-SOFT name Bernd Eggenmueller organization baramundi software
definition_extensions comment Apple iTunes is installed oval oval:org.mitre.oval:def:12353 comment Apple Safari is installed oval oval:org.mitre.oval:def:6325
description Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. family windows id oval:org.mitre.oval:def:7049 status accepted submitted 2010-04-09T10:30:00.000-05:00 title LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability version 20
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://bugzilla.maptools.org/show_bug.cgi?id=2065
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
- http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html
- http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
- http://secunia.com/advisories/35695
- http://secunia.com/advisories/35716
- http://secunia.com/advisories/35866
- http://secunia.com/advisories/35883
- http://secunia.com/advisories/35912
- http://secunia.com/advisories/36194
- http://secunia.com/advisories/36831
- http://secunia.com/advisories/38241
- http://secunia.com/advisories/39135
- http://security.gentoo.org/glsa/glsa-200908-03.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1
- http://support.apple.com/kb/HT3937
- http://support.apple.com/kb/HT4004
- http://support.apple.com/kb/HT4013
- http://support.apple.com/kb/HT4070
- http://support.apple.com/kb/HT4105
- http://www.debian.org/security/2009/dsa-1835
- http://www.lan.st/showthread.php?t=1856&page=3
- http://www.openwall.com/lists/oss-security/2009/06/22/1
- http://www.openwall.com/lists/oss-security/2009/06/23/1
- http://www.openwall.com/lists/oss-security/2009/06/29/5
- http://www.redhat.com/support/errata/RHSA-2009-1159.html
- http://www.vupen.com/english/advisories/2009/1637
- http://www.vupen.com/english/advisories/2009/2727
- http://www.vupen.com/english/advisories/2009/3184
- http://www.vupen.com/english/advisories/2010/0173
- https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049
- https://usn.ubuntu.com/797-1/
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html