Vulnerability Description
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libtiff | Libtiff | 3.8.0 |
Related Weaknesses (CWE)
References
- http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/Patch
- http://bugzilla.maptools.org/show_bug.cgi?id=2079Patch
- http://osvdb.org/55821
- http://osvdb.org/55822
- http://secunia.com/advisories/35811
- http://secunia.com/advisories/35817Vendor Advisory
- http://secunia.com/advisories/35866
- http://secunia.com/advisories/35883
- http://secunia.com/advisories/35911
- http://secunia.com/advisories/36194
- http://secunia.com/advisories/50726
- http://security.gentoo.org/glsa/glsa-200908-03.xml
- http://security.gentoo.org/glsa/glsa-201209-02.xml
- http://www.debian.org/security/2009/dsa-1835
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:150Patch
FAQ
What is CVE-2009-2347?
CVE-2009-2347 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1)...
How severe is CVE-2009-2347?
CVE-2009-2347 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2347?
Check the references section above for vendor advisories and patch information. Affected products include: Libtiff Libtiff.