CVE-2012-2113

medium

Description

Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

References

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html

http://rhn.redhat.com/errata/RHSA-2012-1054.html

http://secunia.com/advisories/49493

http://secunia.com/advisories/49686

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://www.debian.org/security/2012/dsa-2552

http://www.mandriva.com/security/advisories?name=MDVSA-2012:101

http://www.remotesensing.org/libtiff/v4.0.2.html

http://www.securityfocus.com/bid/54076

https://bugzilla.redhat.com/show_bug.cgi?id=810551

https://hermes.opensuse.org/messages/15083566

Details

Source: MITRE

Published: 2012-07-22

Updated: 2017-12-29

Type: CWE-189

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* versions up to 4.0.1 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 83916 | Scientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64 (20120703) | Nessus | Scientific Linux Local Security Checks | high |
| 80680 | Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_2088_denial_of) | Nessus | Solaris Local Security Checks | high |
| 74663 | openSUSE Security Update : tiff (openSUSE-SU-2012:0829-1) | Nessus | SuSE Local Security Checks | high |
| 70499 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01) | Nessus | Slackware Local Security Checks | high |
| 69596 | Amazon Linux AMI : libtiff (ALAS-2012-106) | Nessus | Amazon Linux Local Security Checks | high |
| 68572 | Oracle Linux 5 / 6 : libtiff (ELSA-2012-1054) | Nessus | Oracle Linux Local Security Checks | high |
| 66060 | Mandriva Linux Security Advisory : libtiff (MDVSA-2013:046) | Nessus | Mandriva Local Security Checks | high |
| 64197 | SuSE 11.1 Security Update : libtiff (SAT Patch Number 6475) | Nessus | SuSE Local Security Checks | high |
| 62317 | Debian DSA-2552-1 : tiff - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 62235 | GLSA-201209-02 : libTIFF: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 60077 | SuSE 10 Security Update : libtiff (ZYPP Patch Number 8199) | Nessus | SuSE Local Security Checks | high |
| 59973 | Fedora 16 : libtiff-3.9.6-1.fc16 (2012-10089) | Nessus | Fedora Local Security Checks | high |
| 59972 | Fedora 17 : libtiff-3.9.6-1.fc17 (2012-10081) | Nessus | Fedora Local Security Checks | high |
| 59856 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : tiff vulnerabilities (USN-1498-1) | Nessus | Ubuntu Local Security Checks | high |
| 59844 | RHEL 5 / 6 : libtiff (RHSA-2012:1054) | Nessus | Red Hat Local Security Checks | high |
| 59843 | Mandriva Linux Security Advisory : libtiff (MDVSA-2012:101) | Nessus | Mandriva Local Security Checks | high |
| 59838 | CentOS 5 / 6 : libtiff (CESA-2012:1054) | Nessus | CentOS Local Security Checks | high |