Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2012:127 | First vendor Publication | 2012-08-08 |
Vendor | Mandriva | Last vendor Modification | 2012-08-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability was found and corrected in libtiff: A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf (application requesting the conversion) as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary (CVE-2012-3401). The updated packages have been patched to correct this issue. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:127 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17955 | |||
Oval ID: | oval:org.mitre.oval:def:17955 | ||
Title: | USN-1511-1 -- tiff vulnerability | ||
Description: | tiff2pdf could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1511-1 CVE-2012-3401 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | tiff |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19987 | |||
Oval ID: | oval:org.mitre.oval:def:19987 | ||
Title: | DSA-2552-1 tiff - several | ||
Description: | Several vulnerabilities were discovered in TIFF, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2552-1 CVE-2010-2482 CVE-2010-2595 CVE-2010-2597 CVE-2010-2630 CVE-2010-4665 CVE-2012-2088 CVE-2012-2113 CVE-2012-3401 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | tiff |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-31 | Name : Fedora Update for libtiff FEDORA-2012-20404 File : nvt/gb_fedora_2012_20404_libtiff_fc16.nasl |
2012-12-31 | Name : Fedora Update for libtiff FEDORA-2012-20446 File : nvt/gb_fedora_2012_20446_libtiff_fc17.nasl |
2012-12-26 | Name : CentOS Update for libtiff CESA-2012:1590 centos5 File : nvt/gb_CESA-2012_1590_libtiff_centos5.nasl |
2012-12-26 | Name : CentOS Update for libtiff CESA-2012:1590 centos6 File : nvt/gb_CESA-2012_1590_libtiff_centos6.nasl |
2012-12-26 | Name : RedHat Update for libtiff RHSA-2012:1590-01 File : nvt/gb_RHSA-2012_1590-01_libtiff.nasl |
2012-10-03 | Name : Debian Security Advisory DSA 2552-1 (tiff) File : nvt/deb_2552_1.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-02 (tiff) File : nvt/glsa_201209_02.nasl |
2012-08-30 | Name : Fedora Update for libtiff FEDORA-2012-11000 File : nvt/gb_fedora_2012_11000_libtiff_fc17.nasl |
2012-08-14 | Name : Fedora Update for libtiff FEDORA-2012-10978 File : nvt/gb_fedora_2012_10978_libtiff_fc16.nasl |
2012-08-09 | Name : Mandriva Update for libtiff MDVSA-2012:127 (libtiff) File : nvt/gb_mandriva_MDVSA_2012_127.nasl |
2012-07-23 | Name : Ubuntu Update for tiff USN-1511-1 File : nvt/gb_ubuntu_USN_1511_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libtiff_20141107.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-492.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-147.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1590.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-046.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libtiff-devel-120719.nasl - Type : ACT_GATHER_INFO |
2013-01-14 | Name : The remote Fedora host is missing a security update. File : fedora_2012-20348.nasl - Type : ACT_GATHER_INFO |
2012-12-31 | Name : The remote Fedora host is missing a security update. File : fedora_2012-20404.nasl - Type : ACT_GATHER_INFO |
2012-12-31 | Name : The remote Fedora host is missing a security update. File : fedora_2012-20446.nasl - Type : ACT_GATHER_INFO |
2012-12-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1590.nasl - Type : ACT_GATHER_INFO |
2012-12-20 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121218_libtiff_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-12-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1590.nasl - Type : ACT_GATHER_INFO |
2012-09-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2552.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-02.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-127.nasl - Type : ACT_GATHER_INFO |
2012-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2012-10978.nasl - Type : ACT_GATHER_INFO |
2012-07-30 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtiff-8230.nasl - Type : ACT_GATHER_INFO |
2012-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11000.nasl - Type : ACT_GATHER_INFO |
2012-07-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1511-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:43:04 |
|