CVE-2011-1167

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

References

http://blackberry.com/btsc/KB27244

http://bugzilla.maptools.org/show_bug.cgi?id=2300

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://secunia.com/advisories/43900

http://secunia.com/advisories/43934

http://secunia.com/advisories/43974

http://secunia.com/advisories/44117

http://secunia.com/advisories/44135

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://securityreason.com/securityalert/8165

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820

http://support.apple.com/kb/HT5130

http://support.apple.com/kb/HT5281

http://support.apple.com/kb/HT5503

http://ubuntu.com/usn/usn-1102-1

http://www.debian.org/security/2011/dsa-2210

http://www.mandriva.com/security/advisories?name=MDVSA-2011:064

http://www.osvdb.org/71256

http://www.redhat.com/support/errata/RHSA-2011-0392.html

http://www.securityfocus.com/archive/1/517101/100/0/threaded

http://www.securityfocus.com/bid/46951

http://www.securitytracker.com/id?1025257

http://www.vupen.com/english/advisories/2011/0795

http://www.vupen.com/english/advisories/2011/0845

http://www.vupen.com/english/advisories/2011/0859

http://www.vupen.com/english/advisories/2011/0860

http://www.vupen.com/english/advisories/2011/0905

http://www.vupen.com/english/advisories/2011/0930

http://www.vupen.com/english/advisories/2011/0960

http://www.zerodayinitiative.com/advisories/ZDI-11-107

https://bugzilla.redhat.com/show_bug.cgi?id=684939

https://exchange.xforce.ibmcloud.com/vulnerabilities/66247

Details

Source: MITRE

Published: 2011-03-28

Updated: 2018-10-09

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* versions up to 3.9.4 (inclusive)

Tenable Plugins

View all (30 total)

IDNameProductFamilySeverity
75926openSUSE Security Update : libtiff-devel (openSUSE-SU-2011:0405-1)NessusSuSE Local Security Checks
medium
75621openSUSE Security Update : libtiff-devel (openSUSE-SU-2011:0405-1)NessusSuSE Local Security Checks
medium
68239Oracle Linux 4 / 5 / 6 : libtiff (ELSA-2011-0392)NessusOracle Linux Local Security Checks
medium
62357Apple TV < 5.1 Multiple VulnerabilitiesNessusGain a shell remotely
high
6589Apple iOS < 6.0 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
62242Apple iOS < 6.0 Multiple VulnerabilitiesNessusMobile Devices
critical
62235GLSA-201209-02 : libTIFF: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
61000Scientific Linux Security Update : libtiff on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
60999Scientific Linux Security Update : libtiff on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
medium
59067Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)NessusMacOS X Local Security Checks
critical
6303Mac OS X 10.7 < 10.7.3 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
57797Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)NessusMacOS X Local Security Checks
critical
57221SuSE 10 Security Update : libtiff (ZYPP Patch Number 7474)NessusSuSE Local Security Checks
high
55819BlackBerry Enterprise Server PNG and TIFF Image Processing Vulnerabilities (KB27244)NessusWindows
critical
53761openSUSE Security Update : libtiff-devel (openSUSE-SU-2011:0409-1)NessusSuSE Local Security Checks
medium
53635Fedora 14 : mingw32-libtiff-3.9.5-1.fc14 (2011-5962)NessusFedora Local Security Checks
medium
53634Fedora 13 : mingw32-libtiff-3.9.5-1.fc13 (2011-5955)NessusFedora Local Security Checks
medium
53612Fedora 15 : mingw32-libtiff-3.9.5-1.fc15 (2011-5991)NessusFedora Local Security Checks
medium
53591SuSE 10 Security Update : libtiff (ZYPP Patch Number 7473)NessusSuSE Local Security Checks
medium
53588SuSE 11.1 Security Update : libtiff (SAT Patch Number 4397)NessusSuSE Local Security Checks
medium
53585SuSE9 Security Update : libtiff (YOU Patch Number 12702)NessusSuSE Local Security Checks
medium
53560Fedora 15 : libtiff-3.9.5-1.fc15 (2011-5336)NessusFedora Local Security Checks
high
53364Fedora 13 : libtiff-3.9.4-4.fc13 (2011-3827)NessusFedora Local Security Checks
high
53362Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 9.0 / 9.1 / current : libtiff (SSA:2011-098-01)NessusSlackware Local Security Checks
high
53345Fedora 14 : libtiff-3.9.4-4.fc14 (2011-3836)NessusFedora Local Security Checks
high
53294Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : tiff vulnerability (USN-1102-1)NessusUbuntu Local Security Checks
medium
53290Mandriva Linux Security Advisory : libtiff (MDVSA-2011:064)NessusMandriva Local Security Checks
high
53260Debian DSA-2210-1 : tiff - several vulnerabilitiesNessusDebian Local Security Checks
high
53239CentOS 4 / 5 : libtiff (CESA-2011:0392)NessusCentOS Local Security Checks
medium
53206RHEL 4 / 5 / 6 : libtiff (RHSA-2011:0392)NessusRed Hat Local Security Checks
medium