Vulnerabilities > CVE-2009-2347 - Numeric Errors vulnerability in Libtiff

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

libtiff

CWE-189

nessus

NVD

Published: 2009-07-14

Updated: 2024-11-21

Summary

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

Vulnerable Configurations

Part	Description	Count
Application	Libtiff Libtiff Libtiff 3.8.0 Libtiff Libtiff 3.8.1 Libtiff Libtiff 3.8.2 Libtiff Libtiff 4.0 Libtiff Libtiff 3.9	5

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1835.NASL
description	Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. - CVE-2009-2347 Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools.
last seen	2020-06-01
modified	2020-06-02
plugin id	44700
published	2010-02-24
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/44700
title	Debian DSA-1835-1 : tiff - several vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1835. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(44700); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2009-2285", "CVE-2009-2347"); script_bugtraq_id(35451, 35652); script_xref(name:"DSA", value:"1835"); script_name(english:"Debian DSA-1835-1 : tiff - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. - CVE-2009-2347 Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534137" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-2285" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-2347" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1835" ); script_set_attribute( attribute:"solution", value: "Upgrade the tiff packages. For the old stable distribution (etch), these problems have been fixed in version 3.8.2-7+etch3. For the stable distribution (lenny), these problems have been fixed in version 3.8.2-11.2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libtiff-opengl", reference:"3.8.2-7+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libtiff-tools", reference:"3.8.2-7+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libtiff4", reference:"3.8.2-7+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libtiff4-dev", reference:"3.8.2-7+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libtiffxx0c2", reference:"3.8.2-7+etch3")) flag++; if (deb_check(release:"5.0", prefix:"libtiff-doc", reference:"3.8.2-11.2")) flag++; if (deb_check(release:"5.0", prefix:"libtiff-opengl", reference:"3.8.2-11.2")) flag++; if (deb_check(release:"5.0", prefix:"libtiff-tools", reference:"3.8.2-11.2")) flag++; if (deb_check(release:"5.0", prefix:"libtiff4", reference:"3.8.2-11.2")) flag++; if (deb_check(release:"5.0", prefix:"libtiff4-dev", reference:"3.8.2-11.2")) flag++; if (deb_check(release:"5.0", prefix:"libtiffxx0c2", reference:"3.8.2-11.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_119900.NASL
description	GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 119900 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	22959
published	2006-11-06
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=22959
title	Solaris 10 (sparc) : 119900-18 (deprecated)
code	# # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(22959); script_version("1.33"); script_cvs_date("Date: 2018/07/30 15:31:32"); script_cve_id("CVE-2009-2285", "CVE-2009-2347", "CVE-2012-5581"); script_bugtraq_id(56715); script_name(english:"Solaris 10 (sparc) : 119900-18 (deprecated)"); script_summary(english:"Check for patch 119900-18"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 119900 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119900-18" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 119900 instead.");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-1159.NASL
description	Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff
last seen	2020-06-01
modified	2020-06-02
plugin id	39850
published	2009-07-17
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/39850
title	RHEL 3 / 4 / 5 : libtiff (RHSA-2009:1159)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:1159. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(39850); script_version ("1.29"); script_cvs_date("Date: 2019/10/25 13:36:14"); script_cve_id("CVE-2009-2285", "CVE-2009-2347"); script_bugtraq_id(35451, 35652); script_xref(name:"RHSA", value:"2009:1159"); script_name(english:"RHEL 3 / 4 / 5 : libtiff (RHSA-2009:1159)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a specially crafted LZW-encoded TIFF file, which once opened by an unsuspecting user, would cause an application linked with libtiff to access an out-of-bounds memory location, leading to a denial of service (application crash). (CVE-2009-2285) The CVE-2009-2347 flaws were discovered by Tielei Wang from ICST-ERCIS, Peking University. All libtiff users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, all applications linked with the libtiff library (such as Konqueror) must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-2285" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-2347" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2009:1159" ); script_set_attribute( attribute:"solution", value:"Update the affected libtiff and / or libtiff-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtiff-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/01"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3\|4\|5)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2009:1159"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"libtiff-3.5.7-33.el3")) flag++; if (rpm_check(release:"RHEL3", reference:"libtiff-devel-3.5.7-33.el3")) flag++; if (rpm_check(release:"RHEL4", reference:"libtiff-3.6.1-12.el4_8.4")) flag++; if (rpm_check(release:"RHEL4", reference:"libtiff-devel-3.6.1-12.el4_8.4")) flag++; if (rpm_check(release:"RHEL5", reference:"libtiff-3.8.2-7.el5_3.4")) flag++; if (rpm_check(release:"RHEL5", reference:"libtiff-devel-3.8.2-7.el5_3.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-devel"); } }

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_119901-16.NASL
description	GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Jun/14/14
last seen	2020-06-01
modified	2020-06-02
plugin id	107852
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107852
title	Solaris 10 (x86) : 119901-16

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_119901-17.NASL
description	GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Sep/15/16
last seen	2020-06-01
modified	2020-06-02
plugin id	107853
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107853
title	Solaris 10 (x86) : 119901-17

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_LIBTIFF-DEVEL-090807.NASL
description	This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
last seen	2020-06-01
modified	2020-06-02
plugin id	41430
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41430
title	SuSE 11 Security Update : libtiff (SAT Patch Number 1172)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2009-0027.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - Fix buffer overrun risks caused by unchecked integer overflow (CVE-2009-2347) Resolves: #507725 - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Resolves: #507725 - Update upstream URL - Use -fno-strict-aliasing per rpmdiff recommendation - Fix LZW decoding vulnerabilities (CVE-2008-2327) Resolves: #458812 - Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don
last seen	2020-06-01
modified	2020-06-02
plugin id	79467
published	2014-11-26
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/79467
title	OracleVM 2.1 : libtiff (OVMSA-2009-0027)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2009-1159.NASL
description	Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff
last seen	2020-06-01
modified	2020-06-02
plugin id	40344
published	2009-07-23
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40344
title	CentOS 3 / 5 : libtiff (CESA-2009:1159)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_119901.NASL
description	GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 119901 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	22992
published	2006-11-06
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=22992
title	Solaris 10 (x86) : 119901-17 (deprecated)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-801-1.NASL
description	Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	39788
published	2009-07-14
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/39788
title	Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : tiff vulnerability (USN-801-1)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20090728_LIBTIFF_FOR_SL3_0_X.NASL
description	CVE-2009-2285 libtiff: LZWDecodeCompat underflow CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff
last seen	2020-06-01
modified	2020-06-02
plugin id	60623
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60623
title	Scientific Linux Security Update : libtiff for SL3.0.x, SL 4.x, SL 5.x on i386/x86_64

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_8816BF3A792911DFBCCE0018F3E2EB82.NASL
description	Tielei Wang : Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
last seen	2020-06-01
modified	2020-06-02
plugin id	47033
published	2010-06-17
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/47033
title	FreeBSD : tiff -- Multiple integer overflows (8816bf3a-7929-11df-bcce-0018f3e2eb82)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_119900-18.NASL
description	GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Sep/15/16
last seen	2020-06-01
modified	2020-06-02
plugin id	107350
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107350
title	Solaris 10 (sparc) : 119900-18

NASL family	SuSE Local Security Checks
NASL id	SUSE_LIBTIFF-DEVEL-6406.NASL
description	This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
last seen	2020-06-01
modified	2020-06-02
plugin id	42018
published	2009-10-06
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42018
title	openSUSE 10 Security Update : libtiff-devel (libtiff-devel-6406)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-169.NASL
description	Multiple vulnerabilities has been found and corrected in libtiff : Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
last seen	2020-06-01
modified	2020-06-02
plugin id	42991
published	2009-12-04
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42991
title	Mandriva Linux Security Advisory : libtiff (MDVSA-2009:169-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_LIBTIFF-DEVEL-090807.NASL
description	This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
last seen	2020-06-01
modified	2020-06-02
plugin id	40653
published	2009-08-20
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40653
title	openSUSE Security Update : libtiff-devel (libtiff-devel-1176)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2009-1159.NASL
description	From Red Hat Security Advisory 2009:1159 : Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff
last seen	2020-06-01
modified	2020-06-02
plugin id	67892
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67892
title	Oracle Linux 3 / 4 / 5 : libtiff (ELSA-2009-1159)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_119901-15.NASL
description	GNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Nov/10/12
last seen	2020-06-01
modified	2020-06-02
plugin id	107851
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107851
title	Solaris 10 (x86) : 119901-15

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12470.NASL
description	This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
last seen	2020-06-01
modified	2020-06-02
plugin id	41320
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41320
title	SuSE9 Security Update : libtiff (YOU Patch Number 12470)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-7775.NASL
description	CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Not the same as last week
last seen	2020-06-01
modified	2020-06-02
plugin id	39864
published	2009-07-20
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/39864
title	Fedora 11 : libtiff-3.8.2-14.fc11 (2009-7775)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_0_LIBTIFF-DEVEL-090807.NASL
description	This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
last seen	2020-06-01
modified	2020-06-02
plugin id	40646
published	2009-08-20
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40646
title	openSUSE Security Update : libtiff-devel (libtiff-devel-1176)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-150.NASL
description	Multiple vulnerabilities has been found and corrected in libtiff : Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	39849
published	2009-07-14
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/39849
title	Mandriva Linux Security Advisory : libtiff (MDVSA-2009:150)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_119900-16.NASL
description	GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Nov/10/12
last seen	2020-06-01
modified	2020-06-02
plugin id	107348
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107348
title	Solaris 10 (sparc) : 119900-16

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_119900-17.NASL
description	GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Jun/14/14
last seen	2020-06-01
modified	2020-06-02
plugin id	107349
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107349
title	Solaris 10 (sparc) : 119900-17

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201209-02.NASL
description	The remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	62235
published	2012-09-24
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62235
title	GLSA-201209-02 : libTIFF: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_LIBTIFF-6407.NASL
description	This update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
last seen	2020-06-01
modified	2020-06-02
plugin id	41553
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41553
title	SuSE 10 Security Update : libtiff (ZYPP Patch Number 6407)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200908-03.NASL
description	The remote host is affected by the vulnerability described in GLSA-200908-03 (libTIFF: User-assisted execution of arbitrary code) Two vulnerabilities have been reported in libTIFF: wololo reported a buffer underflow in the LZWDecodeCompat() function (CVE-2009-2285). Tielei Wang of ICST-ERCIS, Peking University reported two integer overflows leading to heap-based buffer overflows in the tiff2rgba and rgb2ycbcr tools (CVE-2009-2347). Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF or the tiff2rgba and rgb2ycbcr tools, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	40519
published	2009-08-10
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40519
title	GLSA-200908-03 : libTIFF: User-assisted execution of arbitrary code

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-7724.NASL
description	CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Not the same as last week
last seen	2020-06-01
modified	2020-06-02
plugin id	39858
published	2009-07-20
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/39858
title	Fedora 10 : libtiff-3.8.2-14.fc10 (2009-7724)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2011-043.NASL
description	A buffer overflow was discovered in libtiff which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding (CVE-2011-0192). Additionally it was discovered that the fixes for CVE-2009-2347 and CVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2 and being resolved as well. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	52592
published	2011-03-09
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52592
title	Mandriva Linux Security Advisory : libtiff (MDVSA-2011:043)

Oval

accepted

2013-04-29T04:10:29.553-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10988

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	510041
title	CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment libtiff is earlier than 0:3.6.1-12.el4_8.4
oval oval:com.redhat.rhsa:tst:20091159001
comment libtiff is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060425002
AND
comment libtiff-devel is earlier than 0:3.6.1-12.el4_8.4
oval oval:com.redhat.rhsa:tst:20091159003
comment libtiff-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060425004

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment libtiff-devel is earlier than 0:3.8.2-7.el5_3.4
oval oval:com.redhat.rhsa:tst:20091159006
comment libtiff-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080847004
AND
comment libtiff is earlier than 0:3.8.2-7.el5_3.4
oval oval:com.redhat.rhsa:tst:20091159008
comment libtiff is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080847002

rhsa

id	RHSA-2009:1159
released	2009-07-16
severity	Moderate
title	RHSA-2009:1159: libtiff security update (Moderate)

rpms

libtiff-0:3.5.7-33.el3
libtiff-0:3.6.1-12.el4_8.4
libtiff-0:3.8.2-7.el5_3.4
libtiff-debuginfo-0:3.5.7-33.el3
libtiff-debuginfo-0:3.6.1-12.el4_8.4
libtiff-debuginfo-0:3.8.2-7.el5_3.4
libtiff-devel-0:3.5.7-33.el3
libtiff-devel-0:3.6.1-12.el4_8.4
libtiff-devel-0:3.8.2-7.el5_3.4

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 35652 CVE(CAN) ID: CVE-2009-2347 LibTiff是负责对TIFF图象格式进行编码/解码的应用库。 libtiff软件把中捆绑了一些用于操控TIFF图形的工具集，其中tiff2rgba工具所使用的cvt_whole_image函数和 rgb2ycbcr工具所使用的tiffcvt函数没有正确地验证图形的宽度和高度，在使用宽度和高度值计算raster缓冲区大小时可能出现最终可导致堆溢出的整数溢出漏洞。如果用户受骗打开了畸形的TIFF图形就可以触发这个溢出，导致转换工具崩溃或执行任意代码。 LibTIFF LibTIFF 4.0 LibTIFF LibTIFF 3.9 LibTIFF LibTIFF 3.8.2 厂商补丁： LibTIFF ------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/
id	SSV:11812
last seen	2017-11-19
modified	2009-07-14
published	2009-07-14
reporter	Root
title	LibTIFF库tiff2rgba和rgb2ycbcr转换工具整数溢出漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

Redhat

Seebug

References