9.3

CVE-2009-2347

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version3.8.0
LibtiffLibtiff Version3.8.1
LibtiffLibtiff Version3.8.2
LibtiffLibtiff Version3.9
LibtiffLibtiff Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.15% 0.895
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/35866
http://secunia.com/advisories/35883
http://secunia.com/advisories/36194
http://security.gentoo.org/glsa/glsa-200908-03.xml
http://www.debian.org/security/2009/dsa-1835
http://www.redhat.com/support/errata/RHSA-2009-1159.html
http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/
Patch
http://bugzilla.maptools.org/show_bug.cgi?id=2079
Patch
http://osvdb.org/55821
http://osvdb.org/55822
http://secunia.com/advisories/35811
http://secunia.com/advisories/35817
Vendor Advisory
http://secunia.com/advisories/35911
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:150
Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2011:043
http://www.ocert.org/advisories/ocert-2009-012.html
Patch
http://www.securityfocus.com/archive/1/504892/100/0/threaded
http://www.securityfocus.com/bid/35652
Patch
http://www.securitytracker.com/id?1022539
http://www.ubuntu.com/usn/USN-801-1
http://www.vupen.com/english/advisories/2009/1870
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0621
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/51688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html