CVE - CVE-2012-3401

CVE-ID
CVE-2012-3401	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20120719 Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer URL:http://www.openwall.com/lists/oss-security/2012/07/19/4 MLIST:[oss-security] 20120719 tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer URL:http://www.openwall.com/lists/oss-security/2012/07/19/1 MISC:http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 MISC:https://bugzilla.redhat.com/attachment.cgi?id=596457 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=837577 CONFIRM:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf DEBIAN:DSA-2552 URL:http://www.debian.org/security/2012/dsa-2552 GENTOO:GLSA-201209-02 URL:http://security.gentoo.org/glsa/glsa-201209-02.xml MANDRIVA:MDVSA-2012:127 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:127 REDHAT:RHSA-2012:1590 URL:http://rhn.redhat.com/errata/RHSA-2012-1590.html SUSE:openSUSE-SU-2012:0955 URL:http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html UBUNTU:USN-1511-1 URL:http://www.ubuntu.com/usn/USN-1511-1 BID:54601 URL:http://www.securityfocus.com/bid/54601 OSVDB:84090 URL:http://osvdb.org/84090 SECUNIA:49938 URL:http://secunia.com/advisories/49938 SECUNIA:50007 URL:http://secunia.com/advisories/50007 SECUNIA:50726 URL:http://secunia.com/advisories/50726 XF:libtiff-t2preadtiffinit-bo(77088) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77088
Assigning CNA
N/A
Date Entry Created
20120614	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120614)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org