Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAlexander GavrunZDI-12-043
HistoryMar 13, 2012 - 12:00 a.m.

LibTIFF TileSize Parsing Remote Code Execution Vulnerability

2012-03-1300:00:00
Alexander Gavrun
www.zerodayinitiative.com
21

0.092 Low

EPSS

Percentile

94.7%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LibTIFF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LibTIFF Library and occurs when the application attempts to allocate space for a tile. When calculating the size for a buffer, the library will perform a multiply which can cause an integer overflow. After allocation, the library will initialize the buffer with tile data. This can cause code execution under the context of the application that utilizes the LibTIFF library.

Related

nessus 24
openvas 35
oraclelinux 1
debian 1
slackware 1
nvd 1
redhat 1
fedora 6
debiancve 1
altlinux 1
veracode 1
prion 1
centos 1
cvelist 1
ubuntucve 2
cve 1
amazon 1
securityvulns 8
f5 2
ubuntu 1
gentoo 1
nessus
nessus
SuSE 11.1 Security Update : libtiff (SAT Patch Number 6106)
2012-04-18 00:00:00
Fedora 17 : libtiff-3.9.5-3.fc17 (2012-5463)
2012-04-12 00:00:00
Debian DSA-2447-1 : tiff - integer overflow
2012-04-06 00:00:00
openvas
openvas
Mandriva Update for libtiff MDVSA-2012:054 (libtiff)
2012-08-03 00:00:00
RedHat Update for libtiff RHSA-2012:0468-01
2012-04-11 00:00:00
CentOS Update for libtiff CESA-2012:0468 centos5
2012-07-30 00:00:00
oraclelinux
oraclelinux
libtiff security update
2012-04-10 00:00:00
debian
debian
[SECURITY] [DSA 2447-1] tiff security update
2012-04-04 20:00:29
slackware
slackware
[slackware-security] libtiff
2012-04-04 17:44:30
nvd
nvd
CVE-2012-1173
2012-06-04 20:55:03
redhat
redhat
(RHSA-2012:0468) Important: libtiff security update
2012-04-10 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libtiff-3.9.5-3.fc16
2012-04-22 03:27:04
[SECURITY] Fedora 17 Update: libtiff-3.9.5-3.fc17
2012-04-12 02:24:24
[SECURITY] Fedora 15 Update: libtiff-3.9.5-3.fc15
2012-04-18 19:27:41
debiancve
debiancve
CVE-2012-1173
2012-06-04 20:55:03
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 3.9.6-alt1
2012-04-08 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-10-04 04:47:21
prion
prion
Integer overflow
2012-06-04 20:55:00
centos
centos
libtiff security update
2012-04-10 21:10:32
cvelist
cvelist
CVE-2012-1173
2012-06-04 20:00:00
ubuntucve
ubuntucve
CVE-2012-1173
2012-04-04 00:00:00
CVE-2012-2113
2012-06-22 00:00:00
cve
cve
CVE-2012-1173
2012-06-04 20:55:03
amazon
amazon
Important: libtiff
2012-04-30 14:43:00
securityvulns
securityvulns
[ MDVSA-2012:054 ] libtiff
2012-04-09 00:00:00
libtiff library integer overflow
2012-07-09 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-10-01 00:00:00
f5
f5
K15863 : Libtiff vulnerabilities CVE-2012-1173 and CVE-2012-2088
2015-01-30 00:00:00
SOL15863 - Libtiff vulnerabilities CVE-2012-1173 and CVE-2012-2088
2014-11-25 00:00:00
ubuntu
ubuntu
tiff vulnerabilities
2012-04-04 00:00:00
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2012-09-23 00:00:00

0.092 Low

EPSS

Percentile

94.7%

JSON
Related for ZDI-12-043
nessus24openvas35oraclelinux1debian1slackware1nvd1redhat1fedora6debiancve1altlinux1veracode1prion1centos1cvelist1ubuntucve2cve1amazon1securityvulns8f52ubuntu1gentoo1