CVE-2012-2088

HIGH

Description

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.

References

http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html

http://rhn.redhat.com/errata/RHSA-2012-1054.html

http://secunia.com/advisories/49686

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://support.apple.com/kb/HT6162

http://support.apple.com/kb/HT6163

http://www.mandriva.com/security/advisories?name=MDVSA-2012:101

http://www.securityfocus.com/bid/54270

https://bugzilla.redhat.com/show_bug.cgi?id=832864

https://hermes.opensuse.org/messages/15083566

Details

Source: MITRE

Published: 2012-07-22

Updated: 2017-12-29

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* versions up to 3.9.4 (inclusive)

Tenable Plugins

View all (27 total)

IDNameProductFamilySeverity
83916Scientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64 (20120703)NessusScientific Linux Local Security Checks
high
80680Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_2088_denial_of)NessusSolaris Local Security Checks
high
80447F5 Networks BIG-IP : Libtiff vulnerabilities (SOL15863)NessusF5 Networks Local Security Checks
high
74663openSUSE Security Update : tiff (openSUSE-SU-2012:0829-1)NessusSuSE Local Security Checks
high
8250Apple TV < 6.1 Multiple VulnerabilitiesNessus Network MonitorInternet Services
high
72962Apple TV < 6.1 Multiple VulnerabilitiesNessusMisc.
high
8155Apple iOS < 7.1 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
72907Apple iOS < 7.1 Multiple VulnerabilitiesNessusMobile Devices
high
70499Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01)NessusSlackware Local Security Checks
high
69596Amazon Linux AMI : libtiff (ALAS-2012-106)NessusAmazon Linux Local Security Checks
high
68572Oracle Linux 5 / 6 : libtiff (ELSA-2012-1054)NessusOracle Linux Local Security Checks
high
66060Mandriva Linux Security Advisory : libtiff (MDVSA-2013:046)NessusMandriva Local Security Checks
high
65643BlackBerry Enterprise Server TIFF Image Processing Vulnerabilities (KB33425)NessusWindows
high
801018Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)Log Correlation EngineOperating System Detection
high
6717Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)Nessus Network MonitorWeb Clients
high
65578Mac OS X Multiple Vulnerabilities (Security Update 2013-001)NessusMacOS X Local Security Checks
high
65577Mac OS X 10.8.x < 10.8.3 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
64197SuSE 11.1 Security Update : libtiff (SAT Patch Number 6475)NessusSuSE Local Security Checks
high
62317Debian DSA-2552-1 : tiff - several vulnerabilitiesNessusDebian Local Security Checks
high
62235GLSA-201209-02 : libTIFF: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
60077SuSE 10 Security Update : libtiff (ZYPP Patch Number 8199)NessusSuSE Local Security Checks
high
59973Fedora 16 : libtiff-3.9.6-1.fc16 (2012-10089)NessusFedora Local Security Checks
high
59972Fedora 17 : libtiff-3.9.6-1.fc17 (2012-10081)NessusFedora Local Security Checks
high
59856Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : tiff vulnerabilities (USN-1498-1)NessusUbuntu Local Security Checks
high
59844RHEL 5 / 6 : libtiff (RHSA-2012:1054)NessusRed Hat Local Security Checks
high
59843Mandriva Linux Security Advisory : libtiff (MDVSA-2012:101)NessusMandriva Local Security Checks
high
59838CentOS 5 / 6 : libtiff (CESA-2012:1054)NessusCentOS Local Security Checks
high