PT-2012-6335 · Libtiff+3 · Libtiff+3

Karel Volný

·

Published

1970-01-01

·

Updated

2024-06-15

·

CVE-2012-2113

CVSS v2.0

7.5

High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libtiff versions prior to 4.0.2

Description

The issue involves multiple vulnerabilities in the libtiff package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service or allowing the execution of arbitrary code via a crafted TIFF image, triggering a heap-based buffer overflow.

Recommendations

For libtiff versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to TIFF images from untrusted sources to minimize the risk of exploitation. Avoid using the tiff2pdf function in libtiff until the issue is resolved.

Fix

DoS

Weakness Enumeration

Related identifiers

BDU:2015-04494
BDU:2015-04495
BDU:2015-04496
BDU:2015-04497
BDU:2015-04498
BDU:2015-04499
BDU:2015-04500
BDU:2015-04501
BDU:2015-04502
BDU:2015-04503
BDU:2015-04504
BDU:2015-09646
CESA-2012_1054
CVE-2012-2113
DSA-2552-1
OPENSUSE-SU-2024:10554-1
RHSA-2012:1054
RHSA-2012_1054

Affected products

CentOS
Red Hat
SUSE
Libtiff