Vulnerabilities > CVE-2009-2347 - Numeric Errors vulnerability in Libtiff

047910
CVSS v2 base score 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
libtiff
CWE-189
critical
nessus

Summary

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1835.NASL
    descriptionSeveral vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. - CVE-2009-2347 Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools.
    last seen2020-06-01
    modified2020-06-02
    plugin id44700
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44700
    titleDebian DSA-1835-1 : tiff - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1835. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: runs only when `description` is true, registers the
    # plugin's metadata (IDs, references, advisory text, CVSS, CPEs, required KB
    # keys) and ends with exit(0), so none of the host checks that follow this
    # block execute on that pass.
    if (description)
    {
      script_id(44700);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:22");
    
      # One plugin covers both CVEs fixed by DSA-1835. A finding from it reports
      # an outdated package and does not say which of the two CVEs is relevant
      # to the host.
      script_cve_id("CVE-2009-2285", "CVE-2009-2347");
      script_bugtraq_id(35451, 35652);
      script_xref(name:"DSA", value:"1835");
    
      script_name(english:"Debian DSA-1835-1 : tiff - several vulnerabilities");
      # The summary states the detection method: dpkg output is compared with the
      # fixed package version; nothing is probed on the network.
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Advisory text carried as a multi-line string literal; its line breaks and
      # indentation are part of the value.
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the library for the
    Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures
    project identifies the following problems :
    
      - CVE-2009-2285
        It was discovered that malformed TIFF images can lead to
        a crash in the decompression code, resulting in denial
        of service.
    
      - CVE-2009-2347
        Andrea Barisani discovered several integer overflows,
        which can lead to the execution of arbitrary code if
        malformed images are passed to the rgb2ycbcr or
        tiff2rgba tools."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534137"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-2285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-2347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2009/dsa-1835"
      );
      # The two fixed versions named here are the same reference versions the
      # check section passes to deb_check() for releases 4.0 and 5.0.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the tiff packages.
    
    For the old stable distribution (etch), these problems have been fixed
    in version 3.8.2-7+etch3.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 3.8.2-11.2."
      );
      # CVSS v2 vectors for the advisory: network vector, medium complexity, no
      # authentication, complete C/I/A impact. This rates the vulnerability, not
      # the plugin, which is a local check (see plugin_type below).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # CWE-119 (memory buffer bounds) and CWE-189 (numeric errors).
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Only Debian 4.0 and 5.0 are declared, matching the two releases named in
      # the solution text.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tiff");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # The three KB keys required here are read again, one by one, at the start
      # of the check section. Presumably ssh_get_info.nasl is what populates
      # them - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions: local checks enabled, a Debian release recorded, and a
    # dpkg package list present in the KB. Each missing item ends the run with
    # its own audit code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Version comparison only: each deb_check() call names a release, a package
    # prefix and the fixed version from DSA-1835. deb_check() lives in
    # debian_package.inc (not shown); presumably it is true when an installed
    # package with that prefix is older than `reference` - confirm there.
    # A hit therefore means "package below the fixed version"; it does not show
    # that rgb2ycbcr or tiff2rgba are ever run on untrusted images, and releases
    # other than 4.0 and 5.0 are not evaluated at all.
    flag = 0;
    
    # Debian 4.0 (etch): fixed in 3.8.2-7+etch3.
    foreach tiff_pkg (make_list("libtiff-opengl", "libtiff-tools", "libtiff4", "libtiff4-dev", "libtiffxx0c2"))
    {
      if (deb_check(release:"4.0", prefix:tiff_pkg, reference:"3.8.2-7+etch3")) flag++;
    }
    
    # Debian 5.0 (lenny): fixed in 3.8.2-11.2. This release also checks libtiff-doc.
    foreach tiff_pkg (make_list("libtiff-doc", "libtiff-opengl", "libtiff-tools", "libtiff4", "libtiff4-dev", "libtiffxx0c2"))
    {
      if (deb_check(release:"5.0", prefix:tiff_pkg, reference:"3.8.2-11.2")) flag++;
    }
    
    # No package flagged: audit the host as not affected. Otherwise raise the
    # finding on port 0, attaching the package report when verbosity allows.
    # report_verbosity is not defined in the visible lines; presumably one of
    # the includes provides it.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0)
        security_hole(port:0, extra:deb_report_get());
      else
        security_hole(0);
      exit(0);
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119900.NASL
    descriptionGNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 119900 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id22959
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22959
    titleSolaris 10 (sparc) : 119900-18 (deprecated)
    code
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    # Registration branch of a deprecated plugin: metadata is still registered
    # when `description` is true, then the block exits.
    if (description)
    {
      script_id(22959);
      script_version("1.33");
      script_cvs_date("Date: 2018/07/30 15:31:32");
    
      # The CVE and Bugtraq references are still attached to the plugin even
      # though it no longer performs a check (see the final exit() below).
      script_cve_id("CVE-2009-2285", "CVE-2009-2347", "CVE-2012-5581");
      script_bugtraq_id(56715);
    
      script_name(english:"Solaris 10 (sparc) : 119900-18 (deprecated)");
      script_summary(english:"Check for patch 119900-18");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF.
    Date this patch was last updated by Sun : Sep/15/16
    
    This plugin has been deprecated and either replaced with individual
    119900 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/119900-18"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      # CVSS v2 vectors and exploit-availability flags remain registered; they
      # describe the referenced CVEs, not a result this plugin can produce.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # CWE-119 (memory buffer bounds) and CWE-189 (numeric errors).
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    # No patch check is performed: outside the registration branch the script's
    # only statement is this exit with the deprecation message. The absence of a
    # finding from this plugin therefore says nothing about whether patch 119900
    # is installed; the message points to the patch-revision plugins instead.
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 119900 instead.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1159.NASL
    descriptionUpdated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff
    last seen2020-06-01
    modified2020-06-02
    plugin id39850
    published2009-07-17
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39850
    titleRHEL 3 / 4 / 5 : libtiff (RHSA-2009:1159)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1159. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: runs only when `description` is true, registers the
    # plugin's metadata for RHSA-2009:1159 and ends with exit(0), so the host
    # checks that follow this block do not execute on that pass.
    if (description)
    {
      script_id(39850);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      # Both CVEs fixed by the advisory are attached; a finding reports outdated
      # packages and does not distinguish between the two.
      script_cve_id("CVE-2009-2285", "CVE-2009-2347");
      script_bugtraq_id(35451, 35652);
      script_xref(name:"RHSA", value:"2009:1159");
    
      script_name(english:"RHEL 3 / 4 / 5 : libtiff (RHSA-2009:1159)");
      # Detection method: rpm output is compared with the fixed package versions.
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # NOTE(review): the advisory text below rates the update "moderate", while
      # the CVSS2 base vector registered further down carries complete C/I/A
      # impact. The two ratings appear side by side in this plugin and are not
      # reconciled here.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated libtiff packages that fix several security issues are now
    available for Red Hat Enterprise Linux 3, 4, and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The libtiff packages contain a library of functions for manipulating
    Tagged Image File Format (TIFF) files.
    
    Several integer overflow flaws, leading to heap-based buffer
    overflows, were found in various libtiff color space conversion tools.
    An attacker could create a specially crafted TIFF file, which once
    opened by an unsuspecting user, would cause the conversion tool to
    crash or, potentially, execute arbitrary code with the privileges of
    the user running the tool. (CVE-2009-2347)
    
    A buffer underwrite flaw was found in libtiff's Lempel-Ziv-Welch (LZW)
    compression algorithm decoder. An attacker could create a specially
    crafted LZW-encoded TIFF file, which once opened by an unsuspecting
    user, would cause an application linked with libtiff to access an
    out-of-bounds memory location, leading to a denial of service
    (application crash). (CVE-2009-2285)
    
    The CVE-2009-2347 flaws were discovered by Tielei Wang from
    ICST-ERCIS, Peking University.
    
    All libtiff users should upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    this update, all applications linked with the libtiff library (such as
    Konqueror) must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1159"
      );
      # The solution string names only the package update; the restart
      # requirement for applications linked with libtiff is stated in the
      # description text above.
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtiff and / or libtiff-devel packages."
      );
      # CVSS v2 vectors for the advisory; they rate the vulnerability, not the
      # plugin, which is a local check (see plugin_type below).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # CWE-119 (memory buffer bounds) and CWE-189 (numeric errors).
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Two packages (libtiff, libtiff-devel) across RHEL 3, 4 / 4.8 and 5 / 5.3.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtiff");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtiff-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The four KB keys required here (local checks flag, release string, rpm
      # list, CPU architecture) are each read again by the check section.
      # Presumably ssh_get_info.nasl populates them - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Gate 1: credentialed local checks must be enabled.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Gate 2: the host must report a Red Hat Enterprise Linux release whose
    # major version is 3, 4 or 5.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release)
      audit(AUDIT_OS_NOT, "Red Hat");
    
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
      audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x / 5.x", "Red Hat " + os_ver);
    
    # Gate 3: an rpm package list must have been collected.
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate 4: only x86_64, i386-i686 and s390 architectures are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu)
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two evidence sources: yum updateinfo when the KB has it, otherwise a
    # per-package rpm version comparison. Both are package-level checks; the
    # advisory text also requires restarting applications linked with libtiff,
    # which neither path looks at.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (empty_or_null(yum_updateinfo))
    {
      # rpm path. rpm_check() comes from rpm.inc (not shown); presumably it is
      # true when the installed package is older than `reference` - confirm there.
      flag = 0;
    
      # RHEL 3
      if (rpm_check(release:"RHEL3", reference:"libtiff-3.5.7-33.el3")) flag++;
      if (rpm_check(release:"RHEL3", reference:"libtiff-devel-3.5.7-33.el3")) flag++;
    
      # RHEL 4
      if (rpm_check(release:"RHEL4", reference:"libtiff-3.6.1-12.el4_8.4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"libtiff-devel-3.6.1-12.el4_8.4")) flag++;
    
      # RHEL 5
      if (rpm_check(release:"RHEL5", reference:"libtiff-3.8.2-7.el5_3.4")) flag++;
      if (rpm_check(release:"RHEL5", reference:"libtiff-devel-3.8.2-7.el5_3.4")) flag++;
    
      if (!flag)
      {
        # Nothing flagged: distinguish "tested and not affected" from
        # "neither package installed".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / libtiff-devel");
      }
      else
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
    }
    else
    {
      # yum path: report only when updateinfo yields a report for this advisory.
      rhsa = "RHSA-2009:1159";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (empty_or_null(yum_report))
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
      else
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : yum_report
        );
        exit(0);
      }
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119901-16.NASL
    descriptionGNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Jun/14/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107852
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107852
    titleSolaris 10 (x86) : 119901-16
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119901-17.NASL
    descriptionGNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Sep/15/16
    last seen2020-06-01
    modified2020-06-02
    plugin id107853
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107853
    titleSolaris 10 (x86) : 119901-17
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBTIFF-DEVEL-090807.NASL
    descriptionThis update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen2020-06-01
    modified2020-06-02
    plugin id41430
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41430
    titleSuSE 11 Security Update : libtiff (SAT Patch Number 1172)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2009-0027.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix buffer overrun risks caused by unchecked integer overflow (CVE-2009-2347) Resolves: #507725 - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Resolves: #507725 - Update upstream URL - Use -fno-strict-aliasing per rpmdiff recommendation - Fix LZW decoding vulnerabilities (CVE-2008-2327) Resolves: #458812 - Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don
    last seen2020-06-01
    modified2020-06-02
    plugin id79467
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79467
    titleOracleVM 2.1 : libtiff (OVMSA-2009-0027)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1159.NASL
    descriptionUpdated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff
    last seen2020-06-01
    modified2020-06-02
    plugin id40344
    published2009-07-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40344
    titleCentOS 3 / 5 : libtiff (CESA-2009:1159)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119901.NASL
    descriptionGNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 119901 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id22992
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22992
    titleSolaris 10 (x86) : 119901-17 (deprecated)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-801-1.NASL
    descriptionTielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id39788
    published2009-07-14
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39788
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : tiff vulnerability (USN-801-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090728_LIBTIFF_FOR_SL3_0_X.NASL
    descriptionCVE-2009-2285 libtiff: LZWDecodeCompat underflow CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff
    last seen2020-06-01
    modified2020-06-02
    plugin id60623
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60623
    titleScientific Linux Security Update : libtiff for SL3.0.x, SL 4.x, SL 5.x on i386/x86_64
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8816BF3A792911DFBCCE0018F3E2EB82.NASL
    descriptionTielei Wang : Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
    last seen2020-06-01
    modified2020-06-02
    plugin id47033
    published2010-06-17
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47033
    titleFreeBSD : tiff -- Multiple integer overflows (8816bf3a-7929-11df-bcce-0018f3e2eb82)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119900-18.NASL
    descriptionGNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Sep/15/16
    last seen2020-06-01
    modified2020-06-02
    plugin id107350
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107350
    titleSolaris 10 (sparc) : 119900-18
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBTIFF-DEVEL-6406.NASL
    descriptionThis update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen2020-06-01
    modified2020-06-02
    plugin id42018
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42018
    titleopenSUSE 10 Security Update : libtiff-devel (libtiff-devel-6406)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-169.NASL
    descriptionMultiple vulnerabilities have been found and corrected in libtiff : Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id42991
    published2009-12-04
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42991
    titleMandriva Linux Security Advisory : libtiff (MDVSA-2009:169-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBTIFF-DEVEL-090807.NASL
    descriptionThis update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen2020-06-01
    modified2020-06-02
    plugin id40653
    published2009-08-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40653
    titleopenSUSE Security Update : libtiff-devel (libtiff-devel-1176)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1159.NASL
    descriptionFrom Red Hat Security Advisory 2009:1159 : Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially crafted TIFF file, which once opened by an unsuspecting user, would cause the conversion tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. (CVE-2009-2347) A buffer underwrite flaw was found in libtiff
    last seen2020-06-01
    modified2020-06-02
    plugin id67892
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67892
    titleOracle Linux 3 / 4 / 5 : libtiff (ELSA-2009-1159)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119901-15.NASL
    descriptionGNOME 2.6.0_x86: GNOME libtiff - library for reading and writing T. Date this patch was last updated by Sun : Nov/10/12
    last seen2020-06-01
    modified2020-06-02
    plugin id107851
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107851
    titleSolaris 10 (x86) : 119901-15
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12470.NASL
    descriptionThis update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen2020-06-01
    modified2020-06-02
    plugin id41320
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41320
    titleSuSE9 Security Update : libtiff (YOU Patch Number 12470)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-7775.NASL
    descriptionCVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Not the same as last week
    last seen2020-06-01
    modified2020-06-02
    plugin id39864
    published2009-07-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39864
    titleFedora 11 : libtiff-3.8.2-14.fc11 (2009-7775)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBTIFF-DEVEL-090807.NASL
    descriptionThis update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen2020-06-01
    modified2020-06-02
    plugin id40646
    published2009-08-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40646
    titleopenSUSE Security Update : libtiff-devel (libtiff-devel-1176)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-150.NASL
    descriptionMultiple vulnerabilities have been found and corrected in libtiff : Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id39849
    published2009-07-14
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39849
    titleMandriva Linux Security Advisory : libtiff (MDVSA-2009:150)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119900-16.NASL
    descriptionGNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Nov/10/12
    last seen2020-06-01
    modified2020-06-02
    plugin id107348
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107348
    titleSolaris 10 (sparc) : 119900-16
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119900-17.NASL
    descriptionGNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Jun/14/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107349
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107349
    titleSolaris 10 (sparc) : 119900-17
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201209-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id62235
    published2012-09-24
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62235
    titleGLSA-201209-02 : libTIFF: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBTIFF-6407.NASL
    descriptionThis update of the tiff package fixes various integer overflows in the tools. (CVE-2009-2347)
    last seen2020-06-01
    modified2020-06-02
    plugin id41553
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41553
    titleSuSE 10 Security Update : libtiff (ZYPP Patch Number 6407)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200908-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200908-03 (libTIFF: User-assisted execution of arbitrary code) Two vulnerabilities have been reported in libTIFF: wololo reported a buffer underflow in the LZWDecodeCompat() function (CVE-2009-2285). Tielei Wang of ICST-ERCIS, Peking University reported two integer overflows leading to heap-based buffer overflows in the tiff2rgba and rgb2ycbcr tools (CVE-2009-2347). Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF or the tiff2rgba and rgb2ycbcr tools, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id40519
    published2009-08-10
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40519
    titleGLSA-200908-03 : libTIFF: User-assisted execution of arbitrary code
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-7724.NASL
    descriptionCVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Not the same as last week
    last seen2020-06-01
    modified2020-06-02
    plugin id39858
    published2009-07-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39858
    titleFedora 10 : libtiff-3.8.2-14.fc10 (2009-7724)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-043.NASL
    descriptionA buffer overflow was discovered in libtiff which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding (CVE-2011-0192). Additionally, it was discovered that the fixes for CVE-2009-2347 and CVE-2010-2065 were incomplete for Mandriva Linux 2010.0 and 2010.2; these are being resolved as well. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id52592
    published2011-03-09
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52592
    titleMandriva Linux Security Advisory : libtiff (MDVSA-2011:043)

Oval

accepted2013-04-29T04:10:29.553-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMultiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
familyunix
idoval:org.mitre.oval:def:10988
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
version27

Redhat

advisories
bugzilla
id510041
titleCVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE)
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentlibtiff is earlier than 0:3.6.1-12.el4_8.4
          ovaloval:com.redhat.rhsa:tst:20091159001
        • commentlibtiff is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060425002
      • AND
        • commentlibtiff-devel is earlier than 0:3.6.1-12.el4_8.4
          ovaloval:com.redhat.rhsa:tst:20091159003
        • commentlibtiff-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060425004
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentlibtiff-devel is earlier than 0:3.8.2-7.el5_3.4
          ovaloval:com.redhat.rhsa:tst:20091159006
        • commentlibtiff-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080847004
      • AND
        • commentlibtiff is earlier than 0:3.8.2-7.el5_3.4
          ovaloval:com.redhat.rhsa:tst:20091159008
        • commentlibtiff is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080847002
rhsa
idRHSA-2009:1159
released2009-07-16
severityModerate
titleRHSA-2009:1159: libtiff security update (Moderate)
rpms
  • libtiff-0:3.5.7-33.el3
  • libtiff-0:3.6.1-12.el4_8.4
  • libtiff-0:3.8.2-7.el5_3.4
  • libtiff-debuginfo-0:3.5.7-33.el3
  • libtiff-debuginfo-0:3.6.1-12.el4_8.4
  • libtiff-debuginfo-0:3.8.2-7.el5_3.4
  • libtiff-devel-0:3.5.7-33.el3
  • libtiff-devel-0:3.6.1-12.el4_8.4
  • libtiff-devel-0:3.8.2-7.el5_3.4

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 35652 CVE(CAN) ID: CVE-2009-2347 LibTiff是负责对TIFF图象格式进行编码/解码的应用库。 libtiff软件包中捆绑了一些用于操控TIFF图形的工具集,其中tiff2rgba工具所使用的cvt_whole_image函数和 rgb2ycbcr工具所使用的tiffcvt函数没有正确地验证图形的宽度和高度,在使用宽度和高度值计算raster缓冲区大小时可能出现最终可导致堆溢出的整数溢出漏洞。如果用户受骗打开了畸形的TIFF图形就可以触发这个溢出,导致转换工具崩溃或执行任意代码。 LibTIFF LibTIFF 4.0 LibTIFF LibTIFF 3.9 LibTIFF LibTIFF 3.8.2 厂商补丁: LibTIFF ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/
idSSV:11812
last seen2017-11-19
modified2009-07-14
published2009-07-14
reporterRoot
titleLibTIFF库tiff2rgba和rgb2ycbcr转换工具整数溢出漏洞