Lucene search

[email protected]CVE-2009-2285

HistoryJul 01, 2009 - 1:00 p.m.

CVE-2009-2285

2009-07-0113:00:01

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-2285

buffer underflow

lzwdecodecompat

libtiff 3.8.2

denial of service

tiff image

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

Affected configurations

NVD

Node

libtifflibtiffMatch3.8.2

CPENameOperatorVersion
libtiff:libtifflibtiffeq3.8.2

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	eq	3.8.2

References

bugzilla.maptools.org/show_bug.cgi?id=2065

lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

lists.apple.com/archives/security-announce/2010//Mar/msg00003.html

lists.apple.com/archives/security-announce/2010/Feb/msg00000.html

lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

secunia.com/advisories/35695

secunia.com/advisories/35716

secunia.com/advisories/35866

secunia.com/advisories/35883

secunia.com/advisories/35912

secunia.com/advisories/36194

secunia.com/advisories/36831

secunia.com/advisories/38241

secunia.com/advisories/39135

security.gentoo.org/glsa/glsa-200908-03.xml

sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1

support.apple.com/kb/HT3937

support.apple.com/kb/HT4004

support.apple.com/kb/HT4013

support.apple.com/kb/HT4070

support.apple.com/kb/HT4105

www.debian.org/security/2009/dsa-1835

www.lan.st/showthread.php?t=1856&page=3

www.openwall.com/lists/oss-security/2009/06/22/1

www.openwall.com/lists/oss-security/2009/06/23/1

www.openwall.com/lists/oss-security/2009/06/29/5

www.redhat.com/support/errata/RHSA-2009-1159.html

www.vupen.com/english/advisories/2009/1637

www.vupen.com/english/advisories/2009/2727

www.vupen.com/english/advisories/2009/3184

www.vupen.com/english/advisories/2010/0173

bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049

usn.ubuntu.com/797-1/

www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CVE-2009-2285

nvd2 openvas83 fedora10 prion2 cvelist2 ubuntucve2 debiancve2 nessus61 ubuntu2 veracode2 gentoo2 osv1 oraclelinux4 redhat4 centos5 securityvulns5 debian2 threatpost2 seebug1 altlinux2 cve1 vmware2