Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2012:174 | First vendor Publication | 2012-11-22 |
Vendor | Mandriva | Last vendor Modification | 2012-11-22 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities was found and corrected in libtiff: Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format (CVE-2012-4447). ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow (CVE-2012-4564). The updated packages have been patched to correct these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:174 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18023 | |||
Oval ID: | oval:org.mitre.oval:def:18023 | ||
Title: | DSA-2561-1 tiff - buffer overflow | ||
Description: | It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2561-1 CVE-2012-4447 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | tiff |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18025 | |||
Oval ID: | oval:org.mitre.oval:def:18025 | ||
Title: | USN-1631-1 -- tiff vulnerabilities | ||
Description: | LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1631-1 CVE-2012-4447 CVE-2012-4564 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | tiff |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18317 | |||
Oval ID: | oval:org.mitre.oval:def:18317 | ||
Title: | DSA-2575-1 tiff - heap overflow | ||
Description: | It was discovered that ppm2tiff of the TIFF tools, a set of utilities for TIFF manipulation and conversion, is not properly checking the return value of an internal function used in order to detect integer overflows. As a consequence, ppm2tiff suffers of a heap-based buffer overflow. This allows attacker to potentially execute arbitrary code via a crafted PPM image, especially in scenarios in which images are automatically processed. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2575-1 CVE-2012-4564 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | tiff |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-31 | Name : Fedora Update for libtiff FEDORA-2012-20404 File : nvt/gb_fedora_2012_20404_libtiff_fc16.nasl |
2012-12-31 | Name : Fedora Update for libtiff FEDORA-2012-20446 File : nvt/gb_fedora_2012_20446_libtiff_fc17.nasl |
2012-12-26 | Name : CentOS Update for libtiff CESA-2012:1590 centos5 File : nvt/gb_CESA-2012_1590_libtiff_centos5.nasl |
2012-12-26 | Name : CentOS Update for libtiff CESA-2012:1590 centos6 File : nvt/gb_CESA-2012_1590_libtiff_centos6.nasl |
2012-12-26 | Name : RedHat Update for libtiff RHSA-2012:1590-01 File : nvt/gb_RHSA-2012_1590-01_libtiff.nasl |
2012-11-26 | Name : Debian Security Advisory DSA 2575-1 (tiff) File : nvt/deb_2575_1.nasl |
2012-11-23 | Name : Mandriva Update for libtiff MDVSA-2012:174 (libtiff) File : nvt/gb_mandriva_MDVSA_2012_174.nasl |
2012-11-19 | Name : Ubuntu Update for tiff USN-1631-1 File : nvt/gb_ubuntu_USN_1631_1.nasl |
2012-10-29 | Name : Debian Security Advisory DSA 2561-1 (tiff) File : nvt/deb_2561_1.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-02-21 | IAVM : 2013-A-0048 - Multiple Remote Code Execution Vulnerabilities in BlackBerry Enterprise Server Severity : Category I - VMSKEY : V0036903 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libtiff_20131217.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_gimp_20130521.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-29.nasl - Type : ACT_GATHER_INFO |
2014-02-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201402-21.nasl - Type : ACT_GATHER_INFO |
2013-10-20 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-290-01.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-147.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1590.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-046.nasl - Type : ACT_GATHER_INFO |
2013-03-21 | Name : The remote Windows host has an application that is affected by multiple vulne... File : blackberry_es_tiff_kb33425.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libtiff-devel-130109.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtiff-8419.nasl - Type : ACT_GATHER_INFO |
2013-01-14 | Name : The remote Fedora host is missing a security update. File : fedora_2012-20348.nasl - Type : ACT_GATHER_INFO |
2012-12-31 | Name : The remote Fedora host is missing a security update. File : fedora_2012-20404.nasl - Type : ACT_GATHER_INFO |
2012-12-31 | Name : The remote Fedora host is missing a security update. File : fedora_2012-20446.nasl - Type : ACT_GATHER_INFO |
2012-12-20 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121218_libtiff_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-12-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1590.nasl - Type : ACT_GATHER_INFO |
2012-12-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1590.nasl - Type : ACT_GATHER_INFO |
2012-11-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-174.nasl - Type : ACT_GATHER_INFO |
2012-11-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2575.nasl - Type : ACT_GATHER_INFO |
2012-11-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1631-1.nasl - Type : ACT_GATHER_INFO |
2012-10-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2561.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:43:14 |
|
2012-11-22 17:23:18 |
|