6.8

CVE-2012-4564

Exploit
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version <= 4.0.3
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version12.10
RedhatEnterprise Linux Eus Version6.3
OpensuseOpensuse Version11.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.52% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2012-1590.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-1631-1
Third Party Advisory
http://secunia.com/advisories/51133
Third Party Advisory
Vendor Advisory
http://www.debian.org/security/2012/dsa-2575
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/11/02/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2012/11/02/7
Third Party Advisory
Mailing List
http://www.osvdb.org/86878
Broken Link
http://www.securityfocus.com/bid/56372
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=871700
Patch
Third Party Advisory
Exploit
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/79750
Third Party Advisory
VDB Entry