Lucene search

Veracode Vulnerability DatabaseVERACODE:24460

HistoryApr 10, 2020 - 12:55 a.m.

Arbitrary Code Execution

2020-04-1000:55:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.048 Low

EPSS

Percentile

92.7%

JSON

libtiff is vulnerable to arbitrary code execution. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code.

CPENameOperatorVersion
libtiffeq3.6.1__12.el4_8.4
libtiffeq3.6.1__12.el4_7.2
libtiffeq3.6.1__12.el4_8.5
libtiffeq3.6.1__12.el4_8.4
libtiffeq3.6.1__12.el4_7.2
libtiffeq3.6.1__12.el4_8.5

Name	Operator	Version
libtiff	eq	3.6.1__12.el4_8.4
libtiff	eq	3.6.1__12.el4_7.2
libtiff	eq	3.6.1__12.el4_8.5
libtiff	eq	3.6.1__12.el4_8.4
libtiff	eq	3.6.1__12.el4_7.2
libtiff	eq	3.6.1__12.el4_8.5

References

blackberry.com/btsc/KB27244

lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/055240.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/055683.html

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

secunia.com/advisories/43585

secunia.com/advisories/43593

secunia.com/advisories/43664

secunia.com/advisories/43934

secunia.com/advisories/44117

secunia.com/advisories/44135

secunia.com/advisories/50726

security.gentoo.org/glsa/glsa-201209-02.xml

slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820

support.apple.com/kb/HT4554

support.apple.com/kb/HT4564

support.apple.com/kb/HT4565

support.apple.com/kb/HT4566

support.apple.com/kb/HT4581

support.apple.com/kb/HT4999

support.apple.com/kb/HT5001

www.debian.org/security/2011/dsa-2210

www.mandriva.com/security/advisories?name=MDVSA-2011:043

www.redhat.com/support/errata/RHSA-2011-0318.html

www.securityfocus.com/bid/46658

www.securitytracker.com/id?1025153

www.vupen.com/english/advisories/2011/0551

www.vupen.com/english/advisories/2011/0599

www.vupen.com/english/advisories/2011/0621

www.vupen.com/english/advisories/2011/0845

www.vupen.com/english/advisories/2011/0905

www.vupen.com/english/advisories/2011/0930

www.vupen.com/english/advisories/2011/0960

access.redhat.com/errata/RHSA-2011:0318

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=678635

0.048 Low

EPSS

Percentile

92.7%

JSON

Related for VERACODE:24460