CVE - CVE-2009-2347

CVE-ID
CVE-2009-2347	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:35652 URL:http://www.securityfocus.com/bid/35652 BUGTRAQ:20090713 [oCERT-2009-012] libtiff tools integer overflows URL:http://www.securityfocus.com/archive/1/504892/100/0/threaded CONFIRM:http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/ CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2079 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347 DEBIAN:DSA-1835 URL:http://www.debian.org/security/2009/dsa-1835 FEDORA:FEDORA-2009-7724 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html FEDORA:FEDORA-2009-7775 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html GENTOO:GLSA-200908-03 URL:http://security.gentoo.org/glsa/glsa-200908-03.xml GENTOO:GLSA-201209-02 URL:http://security.gentoo.org/glsa/glsa-201209-02.xml MANDRIVA:MDVSA-2009:150 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:150~~ (Obsolete source) MANDRIVA:MDVSA-2011:043 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:043~~ (Obsolete source) MISC:http://www.ocert.org/advisories/ocert-2009-012.html OSVDB:55821 URL:~~http://osvdb.org/55821~~ (Obsolete source) OSVDB:55822 URL:~~http://osvdb.org/55822~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10988 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988 REDHAT:RHSA-2009:1159 URL:http://www.redhat.com/support/errata/RHSA-2009-1159.html SECTRACK:1022539 URL:http://www.securitytracker.com/id?1022539 SECUNIA:35811 URL:http://secunia.com/advisories/35811 SECUNIA:35817 URL:http://secunia.com/advisories/35817 SECUNIA:35866 URL:http://secunia.com/advisories/35866 SECUNIA:35883 URL:http://secunia.com/advisories/35883 SECUNIA:35911 URL:http://secunia.com/advisories/35911 SECUNIA:36194 URL:http://secunia.com/advisories/36194 SECUNIA:50726 URL:http://secunia.com/advisories/50726 UBUNTU:USN-801-1 URL:http://www.ubuntu.com/usn/USN-801-1 VUPEN:ADV-2009-1870 URL:~~http://www.vupen.com/english/advisories/2009/1870~~ (Obsolete source) VUPEN:ADV-2011-0621 URL:~~http://www.vupen.com/english/advisories/2011/0621~~ (Obsolete source) XF:libtiff-rgb2ycbcr-tiff2rgba-bo(51688) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/51688
Assigning CNA
MITRE Corporation
Date Record Created
20090707	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090707)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)