Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary | |
---|---|
Title | Sun Alert 265808 Multiple Integer Overflow Vulnerabilities in the libtiff(3) Image Conversion Tools 'tiff2rgba' and 'rgb2ycbcr' May Lead to Arbitrary Code Execution |
Informations | |||
---|---|---|---|
Name | SUN-265808 | First vendor Publication | 2009-08-14 |
Vendor | Sun | Last vendor Modification | 2009-08-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 8 Operating System Solaris 9 Operating System Solaris 10 Operating System OpenSolaris Multiple integer overflow vulnerabilities in the libtiff(3) image conversion tools 'tiff2rgba' and 'rgb2ycbcr' may allow a local or remote unprivileged user to execute arbitrary code via a TIFF image with large width and height values. This issue is also described in the following document: CVE-2009-2347 at http://www.security-database.com/detail.php?cve=CVE-2009-2347 State: Workaround First released: 14-Aug-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_265808_multiple_integer |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10988 | |||
Oval ID: | oval:org.mitre.oval:def:10988 | ||
Title: | Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. | ||
Description: | Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2347 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12926 | |||
Oval ID: | oval:org.mitre.oval:def:12926 | ||
Title: | USN-801-1 -- tiff vulnerability | ||
Description: | Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-801-1 CVE-2009-2347 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | tiff |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13644 | |||
Oval ID: | oval:org.mitre.oval:def:13644 | ||
Title: | DSA-1835-1 tiff -- several | ||
Description: | Several vulnerabilities have been discovered in the library for the Tag Image File Format. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2285 It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. CVE-2009-2347 Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools. For the old stable distribution, these problems have been fixed in version 3.8.2-7+etch3. For the stable distribution, these problems have been fixed in version 3.8.2-11.2. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your tiff packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1835-1 CVE-2009-2285 CVE-2009-2347 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | tiff |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22533 | |||
Oval ID: | oval:org.mitre.oval:def:22533 | ||
Title: | ELSA-2009:1159: libtiff security update (Moderate) | ||
Description: | Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1159-01 CVE-2009-2285 CVE-2009-2347 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | libtiff |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28879 | |||
Oval ID: | oval:org.mitre.oval:def:28879 | ||
Title: | RHSA-2009:1159 -- libtiff security update (Moderate) | ||
Description: | Updated libtiff packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1159 CESA-2009:1159-CentOS 3 CESA-2009:1159-CentOS 5 CVE-2009-2285 CVE-2009-2347 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | libtiff |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7522 | |||
Oval ID: | oval:org.mitre.oval:def:7522 | ||
Title: | DSA-1835 tiff -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service. Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1835 CVE-2009-2285 CVE-2009-2347 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | tiff |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 5 |
OpenVAS Exploits
Date | Description |
---|---|
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-02 (tiff) File : nvt/glsa_201209_02.nasl |
2011-08-09 | Name : CentOS Update for libtiff CESA-2009:1159 centos3 i386 File : nvt/gb_CESA-2009_1159_libtiff_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for libtiff CESA-2009:1159 centos5 i386 File : nvt/gb_CESA-2009_1159_libtiff_centos5_i386.nasl |
2011-03-15 | Name : Mandriva Update for libtiff MDVSA-2011:043 (libtiff) File : nvt/gb_mandriva_MDVSA_2011_043.nasl |
2010-07-06 | Name : FreeBSD Ports: tiff File : nvt/freebsd_tiff5.nasl |
2010-06-25 | Name : Fedora Update for libtiff FEDORA-2010-10359 File : nvt/gb_fedora_2010_10359_libtiff_fc11.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:169-1 (libtiff) File : nvt/mdksa_2009_169_1.nasl |
2009-10-13 | Name : SLES10: Security update for libtiff File : nvt/sles10_libtiff1.nasl |
2009-10-13 | Name : Solaris Update for GNOME 2.6.0 119900-09 File : nvt/gb_solaris_119900_09.nasl |
2009-10-13 | Name : Solaris Update for Gnome libtiff - library for reading and writing TIFF 11990... File : nvt/gb_solaris_119901_08.nasl |
2009-10-11 | Name : SLES11: Security update for libtiff File : nvt/sles11_libtiff30.nasl |
2009-10-10 | Name : SLES9: Security update for libtiff File : nvt/sles9p5055840.nasl |
2009-09-09 | Name : SuSE Security Summary SUSE-SR:2009:014 File : nvt/suse_sr_2009_014.nasl |
2009-08-17 | Name : Gentoo Security Advisory GLSA 200908-03 (tiff) File : nvt/glsa_200908_03.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:169 (libtiff) File : nvt/mdksa_2009_169.nasl |
2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1159 File : nvt/RHSA_2009_1159.nasl |
2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
2009-07-29 | Name : CentOS Security Advisory CESA-2009:1159 (libtiff) File : nvt/ovcesa2009_1159.nasl |
2009-07-29 | Name : Mandrake Security Advisory MDVSA-2009:150 (libtiff) File : nvt/mdksa_2009_150.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7775 (libtiff) File : nvt/fcore_2009_7775.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7724 (libtiff) File : nvt/fcore_2009_7724.nasl |
2009-07-29 | Name : Debian Security Advisory DSA 1835-1 (tiff) File : nvt/deb_1835_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55822 | LibTIFF tiff2rgba Utility cvt_whole_image() Function Crafted TIFF File Handli... |
55821 | LibTIFF rgb2ycbcr Utility tiffcvt() Function Crafted TIFF File Handling Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0027.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1159.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-02.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090728_libtiff_for_SL3_0_x.nasl - Type : ACT_GATHER_INFO |
2011-03-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-043.nasl - Type : ACT_GATHER_INFO |
2010-06-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8816bf3a792911dfbcce0018f3e2eb82.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1835.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-169.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libtiff-devel-6406.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12470.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libtiff-devel-090807.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtiff-6407.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libtiff-devel-090807.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libtiff-devel-090807.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200908-03.nasl - Type : ACT_GATHER_INFO |
2009-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1159.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7775.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7724.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1159.nasl - Type : ACT_GATHER_INFO |
2009-07-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-150.nasl - Type : ACT_GATHER_INFO |
2009-07-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-801-1.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119900-18 File : solaris10_119900.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119901-17 File : solaris10_x86_119901.nasl - Type : ACT_GATHER_INFO |