PT-2012-6335 · Libtiff+3

Karel Volný · Published 1970-01-01 · Updated 2024-06-15 · CVE-2012-2113

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libtiff versions prior to 4.0.2

Description

Multiple vulnerabilities in the libtiff package can compromise the confidentiality, integrity, and availability of protected information. They can be exploited remotely: a crafted TIFF image triggers a heap-based buffer overflow, potentially causing a denial of service or allowing the execution of arbitrary code.

Recommendations

For libtiff versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to TIFF images from untrusted sources to minimize the risk of exploitation. Avoid using the tiff2pdf function in libtiff until the issue is resolved.

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2015-04494
BDU:2015-04495
BDU:2015-04496
BDU:2015-04497
BDU:2015-04498
BDU:2015-04499
BDU:2015-04500
BDU:2015-04501
BDU:2015-04502
BDU:2015-04503
BDU:2015-04504
BDU:2015-09646
CESA-2012_1054
CVE-2012-2113
DSA-2552-1
OPENSUSE-SU-2024:10554-1
RHSA-2012:1054
RHSA-2012_1054

Affected Products

CentOS
Red Hat
SUSE
Libtiff