CVE-2012-4564 — MEDIUM (6.8)

Q: How severe is CVE-2012-4564?

CVE-2012-4564 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-4564?

Check the references section above for vendor advisories and patch information. Affected products include: Libtiff Libtiff, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.

Vulnerability Description

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Libtiff	Libtiff	<= 4.0.3
Debian	Debian Linux	6.0
Canonical	Ubuntu Linux	8.04
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	6.3
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Workstation	5.0
Opensuse	Opensuse	11.4

References

http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1590.htmlThird Party Advisory
http://secunia.com/advisories/51133Third Party AdvisoryVendor Advisory
http://www.debian.org/security/2012/dsa-2575Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/11/02/3Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2012/11/02/7Mailing ListThird Party Advisory
http://www.osvdb.org/86878Broken Link
http://www.securityfocus.com/bid/56372Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1631-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=871700ExploitIssue TrackingPatch
https://exchange.xforce.ibmcloud.com/vulnerabilities/79750Third Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1590.htmlThird Party Advisory
http://secunia.com/advisories/51133Third Party AdvisoryVendor Advisory
http://www.debian.org/security/2012/dsa-2575Third Party Advisory

FAQ

What is CVE-2012-4564?

CVE-2012-4564 is a vulnerability with a CVSS score of 6.8 (MEDIUM). ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM imag...

How severe is CVE-2012-4564?

CVE-2012-4564 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-4564?

Check the references section above for vendor advisories and patch information. Affected products include: Libtiff Libtiff, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.