CVE-2009-2347

Severity

93%

Complexity

86%

Confidentiality

165%

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 15 years ago

2009-07-14 20:30:00

Last updated 6 years ago

2018-10-10 19:39:00

Affected Software

LibTIFF 3.8.0

3.8.0

LibTIFF 3.8.1

3.8.1

LibTIFF 3.8.2

3.8.2

LibTIFF 3.9

3.9

libTIFF 4.0

4.0

References

http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/

Patch

http://bugzilla.maptools.org/show_bug.cgi?id=2079

Patch

55821

55822

35811

35817

Vendor Advisory

35866

35883

35911

36194

50726

GLSA-200908-03

GLSA-201209-02

DSA-1835

MDVSA-2009:150

Patch

MDVSA-2011:043

http://www.ocert.org/advisories/ocert-2009-012.html

Patch

RHSA-2009:1159

20090713 [oCERT-2009-012] libtiff tools integer overflows

35652

Patch

1022539

USN-801-1

ADV-2009-1870

Patch, Vendor Advisory

ADV-2011-0621

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347

Patch

libtiff-rgb2ycbcr-tiff2rgba-bo(51688)

oval:org.mitre.oval:def:10988

FEDORA-2009-7724

FEDORA-2009-7775

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.