6.8
CVE-2011-1167
- EPSS 6.23%
- Veröffentlicht 28.03.2011 16:55:04
- Zuletzt bearbeitet 16.06.2026 23:28:51
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.23% | 0.926 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://support.apple.com/kb/HT5130
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://blackberry.com/btsc/KB27244
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://support.apple.com/kb/HT5281
http://secunia.com/advisories/43934
http://www.debian.org/security/2011/dsa-2210
http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
http://www.vupen.com/english/advisories/2011/0845
http://www.vupen.com/english/advisories/2011/0859
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
http://secunia.com/advisories/44117
http://secunia.com/advisories/44135
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
http://www.vupen.com/english/advisories/2011/0905
http://www.vupen.com/english/advisories/2011/0930
http://www.vupen.com/english/advisories/2011/0960
http://bugzilla.maptools.org/show_bug.cgi?id=2300
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://secunia.com/advisories/43900
http://secunia.com/advisories/43974
http://securityreason.com/securityalert/8165
http://support.apple.com/kb/HT5503
http://ubuntu.com/usn/usn-1102-1
http://www.osvdb.org/71256
http://www.redhat.com/support/errata/RHSA-2011-0392.html
http://www.securityfocus.com/archive/1/517101/100/0/threaded
http://www.securityfocus.com/bid/46951
http://www.securitytracker.com/id?1025257
http://www.vupen.com/english/advisories/2011/0795
http://www.vupen.com/english/advisories/2011/0860
http://www.zerodayinitiative.com/advisories/ZDI-11-107
https://bugzilla.redhat.com/show_bug.cgi?id=684939
https://exchange.xforce.ibmcloud.com/vulnerabilities/66247