CVE-2012-3401

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.

References

http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830

http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html

http://osvdb.org/84090

http://rhn.redhat.com/errata/RHSA-2012-1590.html

http://secunia.com/advisories/49938

http://secunia.com/advisories/50007

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://www.debian.org/security/2012/dsa-2552

http://www.mandriva.com/security/advisories?name=MDVSA-2012:127

http://www.openwall.com/lists/oss-security/2012/07/19/1

http://www.openwall.com/lists/oss-security/2012/07/19/4

http://www.securityfocus.com/bid/54601

http://www.ubuntu.com/usn/USN-1511-1

http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

https://bugzilla.redhat.com/attachment.cgi?id=596457

https://bugzilla.redhat.com/show_bug.cgi?id=837577

https://exchange.xforce.ibmcloud.com/vulnerabilities/77088

Details

Source: MITRE

Published: 2012-08-13

Updated: 2017-08-29

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* versions up to 4.0.2 (inclusive)

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
80685Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_3401_denial_of)NessusSolaris Local Security Checks
medium
74701openSUSE Security Update : tiff (openSUSE-SU-2012:0955-1)NessusSuSE Local Security Checks
medium
69637Amazon Linux AMI : libtiff (ALAS-2012-147)NessusAmazon Linux Local Security Checks
medium
68667Oracle Linux 5 / 6 : libtiff (ELSA-2012-1590)NessusOracle Linux Local Security Checks
medium
66060Mandriva Linux Security Advisory : libtiff (MDVSA-2013:046)NessusMandriva Local Security Checks
high
64198SuSE 11.1 Security Update : libtiff (SAT Patch Number 6579)NessusSuSE Local Security Checks
medium
63493Fedora 18 : libtiff-4.0.3-2.fc18 (2012-20348)NessusFedora Local Security Checks
medium
63363Fedora 17 : libtiff-3.9.7-1.fc17 (2012-20446)NessusFedora Local Security Checks
medium
63362Fedora 16 : libtiff-3.9.7-1.fc16 (2012-20404)NessusFedora Local Security Checks
medium
63314Scientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64 (20121218)NessusScientific Linux Local Security Checks
medium
63306CentOS 5 / 6 : libtiff (CESA-2012:1590)NessusCentOS Local Security Checks
medium
63293RHEL 5 / 6 : libtiff (RHSA-2012:1590)NessusRed Hat Local Security Checks
medium
62317Debian DSA-2552-1 : tiff - several vulnerabilitiesNessusDebian Local Security Checks
high
62235GLSA-201209-02 : libTIFF: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
61976Mandriva Linux Security Advisory : libtiff (MDVSA-2012:127)NessusMandriva Local Security Checks
medium
61466Fedora 16 : libtiff-3.9.6-2.fc16 (2012-10978)NessusFedora Local Security Checks
medium
60152SuSE 10 Security Update : libtiff (ZYPP Patch Number 8230)NessusSuSE Local Security Checks
medium
60133Fedora 17 : libtiff-3.9.6-2.fc17 (2012-11000)NessusFedora Local Security Checks
medium
60078Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : tiff vulnerability (USN-1511-1)NessusUbuntu Local Security Checks
medium