CVE-2009-2285

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

References

http://bugzilla.maptools.org/show_bug.cgi?id=2065

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html

http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html

http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html

http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

http://secunia.com/advisories/35695

http://secunia.com/advisories/35716

http://secunia.com/advisories/35866

http://secunia.com/advisories/35883

http://secunia.com/advisories/35912

http://secunia.com/advisories/36194

http://secunia.com/advisories/36831

http://secunia.com/advisories/38241

http://secunia.com/advisories/39135

http://security.gentoo.org/glsa/glsa-200908-03.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1

http://support.apple.com/kb/HT3937

http://support.apple.com/kb/HT4004

http://support.apple.com/kb/HT4013

http://support.apple.com/kb/HT4070

http://support.apple.com/kb/HT4105

http://www.debian.org/security/2009/dsa-1835

http://www.lan.st/showthread.php?t=1856&page=3

http://www.openwall.com/lists/oss-security/2009/06/22/1

http://www.openwall.com/lists/oss-security/2009/06/23/1

http://www.openwall.com/lists/oss-security/2009/06/29/5

http://www.redhat.com/support/errata/RHSA-2009-1159.html

http://www.vupen.com/english/advisories/2009/1637

http://www.vupen.com/english/advisories/2009/2727

http://www.vupen.com/english/advisories/2009/3184

http://www.vupen.com/english/advisories/2010/0173

https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049

https://usn.ubuntu.com/797-1/

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html

Details

Source: MITRE

Published: 2009-07-01

Updated: 2018-10-03

Type: CWE-119

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*

Tenable Plugins

View all (41 total)

IDNameProductFamilySeverity
107853Solaris 10 (x86) : 119901-17NessusSolaris Local Security Checks
high
107852Solaris 10 (x86) : 119901-16NessusSolaris Local Security Checks
high
107851Solaris 10 (x86) : 119901-15NessusSolaris Local Security Checks
high
107350Solaris 10 (sparc) : 119900-18NessusSolaris Local Security Checks
high
107349Solaris 10 (sparc) : 119900-17NessusSolaris Local Security Checks
high
107348Solaris 10 (sparc) : 119900-16NessusSolaris Local Security Checks
high
79467OracleVM 2.1 : libtiff (OVMSA-2009-0027)NessusOracleVM Local Security Checks
high
67892Oracle Linux 3 / 4 / 5 : libtiff (ELSA-2009-1159)NessusOracle Linux Local Security Checks
high
65926Google Picasa < 3.9 Build 3.9.14.34 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
medium
65925Google Picasa < 3.9 Build 136.17 Multiple VulnerabilitiesNessusWindows
medium
60623Scientific Linux Security Update : libtiff for SL3.0.x, SL 4.x, SL 5.x on i386/x86_64NessusScientific Linux Local Security Checks
high
5491iTunes < 9.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
45391Apple iTunes < 9.1 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
high
45390Apple iTunes < 9.1 Multiple Vulnerabilities (credentialed check)NessusWindows
high
5361Safari < 4.0.5 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
45045Safari < 4.0.5 Multiple VulnerabilitiesNessusWindows
high
44700Debian DSA-1835-1 : tiff - several vulnerabilitiesNessusDebian Local Security Checks
high
5337Apple iOS < 3.1.3 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
44095Mac OS X Multiple Vulnerabilities (Security Update 2010-001)NessusMacOS X Local Security Checks
critical
42991Mandriva Linux Security Advisory : libtiff (MDVSA-2009:169-1)NessusMandriva Local Security Checks
high
800795Mac OS X 10.6 < 10.6.2 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5227Mac OS X 10.6 < 10.6.2 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
42434Mac OS X 10.6.x < 10.6.2 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
42019openSUSE 10 Security Update : libtiff3 (libtiff3-6340)NessusSuSE Local Security Checks
medium
41552SuSE 10 Security Update : libtiff (ZYPP Patch Number 6337)NessusSuSE Local Security Checks
medium
41431SuSE 11 Security Update : libtiff3 (SAT Patch Number 1069)NessusSuSE Local Security Checks
medium
41311SuSE9 Security Update : libtiff (YOU Patch Number 12448)NessusSuSE Local Security Checks
medium
40519GLSA-200908-03 : libTIFF: User-assisted execution of arbitrary codeNessusGentoo Local Security Checks
high
40500openSUSE Security Update : libtiff3 (libtiff3-1071)NessusSuSE Local Security Checks
medium
40499openSUSE Security Update : libtiff3 (libtiff3-1071)NessusSuSE Local Security Checks
medium
40344CentOS 3 / 5 : libtiff (CESA-2009:1159)NessusCentOS Local Security Checks
high
39863Fedora 10 : compat-wxGTK26-2.6.4-10.fc10 / Fedora 11 : mingw32-libtiff-3.8.2-17.fc11 (2009-7763)NessusFedora Local Security Checks
medium
39857Fedora 10 : mingw32-libtiff-3.8.2-17.fc10 (2009-7717)NessusFedora Local Security Checks
medium
39850RHEL 3 / 4 / 5 : libtiff (RHSA-2009:1159)NessusRed Hat Local Security Checks
high
39849Mandriva Linux Security Advisory : libtiff (MDVSA-2009:150)NessusMandriva Local Security Checks
high
39620Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : tiff vulnerability (USN-797-1)NessusUbuntu Local Security Checks
medium
39613Fedora 11 : libtiff-3.8.2-13.fc11 (2009-7417)NessusFedora Local Security Checks
medium
39607Fedora 10 : libtiff-3.8.2-13.fc10 (2009-7358)NessusFedora Local Security Checks
medium
39604Fedora 9 : libtiff-3.8.2-13.fc9 (2009-7335)NessusFedora Local Security Checks
medium
22992Solaris 10 (x86) : 119901-17 (deprecated)NessusSolaris Local Security Checks
high
22959Solaris 10 (sparc) : 119900-18 (deprecated)NessusSolaris Local Security Checks
high