CVE-2012-1173

medium

Description

Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.

References

http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff

http://bugzilla.maptools.org/show_bug.cgi?id=2369

http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html

http://rhn.redhat.com/errata/RHSA-2012-0468.html

http://secunia.com/advisories/48684

http://secunia.com/advisories/48722

http://secunia.com/advisories/48735

http://secunia.com/advisories/48757

http://secunia.com/advisories/48893

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://support.apple.com/kb/HT5501

http://support.apple.com/kb/HT5503

http://ubuntu.com/usn/usn-1416-1

http://www.debian.org/security/2012/dsa-2447

http://www.mandriva.com/security/advisories?name=MDVSA-2012:054

http://www.osvdb.org/81025

http://www.securityfocus.com/bid/52891

http://www.securitytracker.com/id?1026895

https://downloads.avaya.com/css/P8/documents/100161772

https://exchange.xforce.ibmcloud.com/vulnerabilities/74656

https://hermes.opensuse.org/messages/14302713

Details

Source: MITRE

Published: 2012-06-04

Updated: 2018-01-18

Type: CWE-189

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*

Tenable Plugins

24 total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 80679 | Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_1173_numeric_errors) | Nessus | Solaris Local Security Checks | medium |
| 80447 | F5 Networks BIG-IP : Libtiff vulnerabilities (SOL15863) | Nessus | F5 Networks Local Security Checks | high |
| 74603 | openSUSE Security Update : tiff (openSUSE-SU-2012:0539-1) | Nessus | SuSE Local Security Checks | medium |
| 69672 | Amazon Linux AMI : libtiff (ALAS-2012-65) | Nessus | Amazon Linux Local Security Checks | medium |
| 68509 | Oracle Linux 5 / 6 : libtiff (ELSA-2012-0468) | Nessus | Oracle Linux Local Security Checks | medium |
| 62357 | Apple TV < 5.1 Multiple Vulnerabilities | Nessus | Gain a shell remotely | high |
| 6589 | Apple iOS < 6.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | high |
| 62242 | Apple iOS < 6.0 Multiple Vulnerabilities | Nessus | Mobile Devices | critical |
| 62235 | GLSA-201209-02 : libTIFF: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 6583 | Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 62214 | Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 62213 | Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 61296 | Scientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64 (20120410) | Nessus | Scientific Linux Local Security Checks | medium |
| 59478 | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 9.0 / 9.1 / current : libtiff (SSA:2012-098-01) | Nessus | Slackware Local Security Checks | medium |
| 58818 | Fedora 16 : libtiff-3.9.5-3.fc16 (2012-5410) | Nessus | Fedora Local Security Checks | medium |
| 58785 | Fedora 15 : libtiff-3.9.5-3.fc15 (2012-5406) | Nessus | Fedora Local Security Checks | medium |
| 58777 | SuSE 10 Security Update : tiff (ZYPP Patch Number 8055) | Nessus | SuSE Local Security Checks | medium |
| 58775 | SuSE 11.1 Security Update : libtiff (SAT Patch Number 6106) | Nessus | SuSE Local Security Checks | medium |
| 58713 | Fedora 17 : libtiff-3.9.5-3.fc17 (2012-5463) | Nessus | Fedora Local Security Checks | medium |
| 58675 | RHEL 5 / 6 : libtiff (RHSA-2012:0468) | Nessus | Red Hat Local Security Checks | medium |
| 58666 | CentOS 5 / 6 : libtiff (CESA-2012:0468) | Nessus | CentOS Local Security Checks | medium |
| 58608 | Debian DSA-2447-1 : tiff - integer overflow | Nessus | Debian Local Security Checks | medium |
| 58600 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : tiff vulnerabilities (USN-1416-1) | Nessus | Ubuntu Local Security Checks | medium |
| 58599 | Mandriva Linux Security Advisory : libtiff (MDVSA-2012:054) | Nessus | Mandriva Local Security Checks | medium |