Executive Summary

Informations
Name MDVSA-2012:127 First vendor Publication 2012-08-08
Vendor Mandriva Last vendor Modification 2012-08-08
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability was found and corrected in libtiff:

A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf (application requesting the conversion) as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary (CVE-2012-3401).

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:127

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17955
 
Oval ID: oval:org.mitre.oval:def:17955
Title: USN-1511-1 -- tiff vulnerability
Description: tiff2pdf could be made to crash or run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1511-1
CVE-2012-3401
 Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Ubuntu 8.04
 Product(s): tiff
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19987
 
Oval ID: oval:org.mitre.oval:def:19987
Title: DSA-2552-1 tiff - several
Description: Several vulnerabilities were discovered in TIFF, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2552-1
CVE-2010-2482
CVE-2010-2595
CVE-2010-2597
CVE-2010-2630
CVE-2010-4665
CVE-2012-2088
CVE-2012-2113
CVE-2012-3401
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): tiff
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 61

OpenVAS Exploits

Date Description
2012-12-31 Name : Fedora Update for libtiff FEDORA-2012-20404
File : nvt/gb_fedora_2012_20404_libtiff_fc16.nasl
2012-12-31 Name : Fedora Update for libtiff FEDORA-2012-20446
File : nvt/gb_fedora_2012_20446_libtiff_fc17.nasl
2012-12-26 Name : CentOS Update for libtiff CESA-2012:1590 centos5
File : nvt/gb_CESA-2012_1590_libtiff_centos5.nasl
2012-12-26 Name : CentOS Update for libtiff CESA-2012:1590 centos6
File : nvt/gb_CESA-2012_1590_libtiff_centos6.nasl
2012-12-26 Name : RedHat Update for libtiff RHSA-2012:1590-01
File : nvt/gb_RHSA-2012_1590-01_libtiff.nasl
2012-10-03 Name : Debian Security Advisory DSA 2552-1 (tiff)
File : nvt/deb_2552_1.nasl
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-02 (tiff)
File : nvt/glsa_201209_02.nasl
2012-08-30 Name : Fedora Update for libtiff FEDORA-2012-11000
File : nvt/gb_fedora_2012_11000_libtiff_fc17.nasl
2012-08-14 Name : Fedora Update for libtiff FEDORA-2012-10978
File : nvt/gb_fedora_2012_10978_libtiff_fc16.nasl
2012-08-09 Name : Mandriva Update for libtiff MDVSA-2012:127 (libtiff)
File : nvt/gb_mandriva_MDVSA_2012_127.nasl
2012-07-23 Name : Ubuntu Update for tiff USN-1511-1
File : nvt/gb_ubuntu_USN_1511_1.nasl

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_libtiff_20141107.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-492.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-147.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1590.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-046.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libtiff-devel-120719.nasl - Type : ACT_GATHER_INFO
2013-01-14 Name : The remote Fedora host is missing a security update.
File : fedora_2012-20348.nasl - Type : ACT_GATHER_INFO
2012-12-31 Name : The remote Fedora host is missing a security update.
File : fedora_2012-20404.nasl - Type : ACT_GATHER_INFO
2012-12-31 Name : The remote Fedora host is missing a security update.
File : fedora_2012-20446.nasl - Type : ACT_GATHER_INFO
2012-12-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1590.nasl - Type : ACT_GATHER_INFO
2012-12-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121218_libtiff_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-12-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1590.nasl - Type : ACT_GATHER_INFO
2012-09-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2552.nasl - Type : ACT_GATHER_INFO
2012-09-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-02.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-127.nasl - Type : ACT_GATHER_INFO
2012-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2012-10978.nasl - Type : ACT_GATHER_INFO
2012-07-30 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libtiff-8230.nasl - Type : ACT_GATHER_INFO
2012-07-27 Name : The remote Fedora host is missing a security update.
File : fedora_2012-11000.nasl - Type : ACT_GATHER_INFO
2012-07-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1511-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:43:04
  • Multiple Updates