CVE-2009-2347
libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
Múltiples desbordamientos de enteros en las herramientas de conversión de inter-color spaces de libtiff v3.8 hasta v3.8.2 y v4.0, permiten a atacantes dependientes del contexto ejecutar código de su elección a través de una imagen TIFF con valores grandes para el (1) ancho y (2) alto. Esto provoca un desbordamiento de búfer basado en memoria dinámica -heap- en (a) la función cvt_whole_image de tiff2rgba y (b) la función tiffcvt de rgb2ycbcr.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-07-07 CVE Reserved
- 2009-07-14 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (31)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/55821 | Vdb Entry | |
| http://osvdb.org/55822 | Vdb Entry | |
| http://secunia.com/advisories/35811 | Third Party Advisory | |
| http://secunia.com/advisories/35866 | Third Party Advisory | |
| http://secunia.com/advisories/35883 | Third Party Advisory | |
| http://secunia.com/advisories/35911 | Third Party Advisory | |
| http://secunia.com/advisories/36194 | Third Party Advisory | |
| http://secunia.com/advisories/50726 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/504892/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1022539 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0621 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51688 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563 | 2018-10-10 | |
| http://bugzilla.maptools.org/show_bug.cgi?id=2079 | 2018-10-10 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:150 | 2018-10-10 | |
| http://www.ocert.org/advisories/ocert-2009-012.html | 2018-10-10 | |
| http://www.securityfocus.com/bid/35652 | 2018-10-10 | |
| http://www.vupen.com/english/advisories/2009/1870 | 2018-10-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347 | 2018-10-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | 3.8.0 Search vendor "Libtiff" for product "Libtiff" and version "3.8.0" | - |
Affected
| ||||||
| Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | 3.8.1 Search vendor "Libtiff" for product "Libtiff" and version "3.8.1" | - |
Affected
| ||||||
| Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | 3.8.2 Search vendor "Libtiff" for product "Libtiff" and version "3.8.2" | - |
Affected
| ||||||
| Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | 3.9 Search vendor "Libtiff" for product "Libtiff" and version "3.9" | - |
Affected
| ||||||
| Libtiff Search vendor "Libtiff" | Libtiff Search vendor "Libtiff" for product "Libtiff" | 4.0 Search vendor "Libtiff" for product "Libtiff" and version "4.0" | - |
Affected
| ||||||