CVE-2009-2347 - Vulnerability Details

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libtiff	Libtiff
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:libtiff:libtiff:3.8.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.8.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.8.2:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9:::::::*
	cpe:2.3:a:libtiff:libtiff:4.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
libtiff-0:3.5.7-33.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2009:1159	2009-07-16T00:00:00Z
Red Hat Enterprise Linux 4
libtiff-0:3.6.1-12.el4_8.4	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:1159	2009-07-16T00:00:00Z
Red Hat Enterprise Linux 5
libtiff-0:3.8.2-7.el5_3.4	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1159	2009-07-16T00:00:00Z

References

Link	Providers
http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/
http://bugzilla.maptools.org/show_bug.cgi?id=2079
http://osvdb.org/55821
http://osvdb.org/55822
http://secunia.com/advisories/35811
http://secunia.com/advisories/35817
http://secunia.com/advisories/35866
http://secunia.com/advisories/35883
http://secunia.com/advisories/35911
http://secunia.com/advisories/36194
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-200908-03.xml
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://www.debian.org/security/2009/dsa-1835
http://www.mandriva.com/security/advisories?name=MDVSA-2009:150
http://www.mandriva.com/security/advisories?name=MDVSA-2011:043
http://www.ocert.org/advisories/ocert-2009-012.html
http://www.redhat.com/support/errata/RHSA-2009-1159.html
http://www.securityfocus.com/archive/1/504892/100/0/threaded
http://www.securityfocus.com/bid/35652
http://www.securitytracker.com/id?1022539
http://www.ubuntu.com/usn/USN-801-1
http://www.vupen.com/english/advisories/2009/1870
http://www.vupen.com/english/advisories/2011/0621
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347
https://exchange.xforce.ibmcloud.com/vulnerabilities/51688
https://nvd.nist.gov/vuln/detail/CVE-2009-2347
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988
https://www.cve.org/CVERecord?id=CVE-2009-2347
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-14T20:16:00

Updated: 2024-08-07T05:44:55.963Z

Reserved: 2009-07-07T00:00:00

Link: CVE-2009-2347

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-07-14T20:30:00.377

Modified: 2024-11-21T01:04:39.630

Link: CVE-2009-2347

Redhat

Severity : Moderate

Publid Date: 2009-07-13T00:00:00Z

Links: CVE-2009-2347 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object