CVE-2012-2088: Buffer Overflow
First published: Mon Jun 18 2012(Updated: )
A type-conversion flaw leading to a heap-based buffer overflow was found in the way libtiff reads certain tiled tiff files. An attacker could create a specially-crafted TIFF image that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. This issue does affects only version 3.x, but is fixed in upstream 4.x This bug has been split from: <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2012-2113 libtiff: integer overflow in tiff2pdf leading to heap-buffer overflow when reading a tiled tiff file" href="show_bug.cgi?id=810551">bug 810551</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tiff | <=3.9.4 | |
| tiff | =3.4 | |
| tiff | =3.4-beta18 | |
| tiff | =3.4-beta24 | |
| tiff | =3.4-beta28 | |
| tiff | =3.4-beta29 | |
| tiff | =3.4-beta31 | |
| tiff | =3.4-beta32 | |
| tiff | =3.4-beta34 | |
| tiff | =3.4-beta35 | |
| tiff | =3.4-beta36 | |
| tiff | =3.4-beta37 | |
| tiff | =3.5.1 | |
| tiff | =3.5.2 | |
| tiff | =3.5.3 | |
| tiff | =3.5.4 | |
| tiff | =3.5.5 | |
| tiff | =3.5.6 | |
| tiff | =3.5.6-beta | |
| tiff | =3.5.7 | |
| tiff | =3.5.7-alpha | |
| tiff | =3.5.7-alpha2 | |
| tiff | =3.5.7-alpha3 | |
| tiff | =3.5.7-alpha4 | |
| tiff | =3.5.7-beta | |
| tiff | =3.6.0 | |
| tiff | =3.6.0-beta | |
| tiff | =3.6.0-beta2 | |
| tiff | =3.6.1 | |
| tiff | =3.7.0 | |
| tiff | =3.7.0-alpha | |
| tiff | =3.7.0-beta | |
| tiff | =3.7.0-beta2 | |
| tiff | =3.7.1 | |
| tiff | =3.7.2 | |
| tiff | =3.7.3 | |
| tiff | =3.7.4 | |
| tiff | =3.8.0 | |
| tiff | =3.8.1 | |
| tiff | =3.8.2 | |
| tiff | =3.9 | |
| tiff | =3.9.0 | |
| tiff | =3.9.0-beta | |
| tiff | =3.9.1 | |
| tiff | =3.9.2 | |
| tiff | =3.9.2-5.2.1 | |
| tiff | =3.9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=810551
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=832866
- https://rhn.redhat.com/errata/RHSA-2012-1054.html
- https://bugzilla.redhat.com/show_bug.cgi?id=832864
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html
- http://rhn.redhat.com/errata/RHSA-2012-1054.html
- http://secunia.com/advisories/49686
- http://secunia.com/advisories/50726
- http://security.gentoo.org/glsa/glsa-201209-02.xml
- http://support.apple.com/kb/HT6162
- http://support.apple.com/kb/HT6163
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:101
- http://www.securityfocus.com/bid/54270
- https://hermes.opensuse.org/messages/15083566
Frequently Asked Questions
What is the severity of CVE-2012-2088?
CVE-2012-2088 has a severity rating of high due to the potential for remote code execution and application crashes.
How do I fix CVE-2012-2088?
To fix CVE-2012-2088, update libtiff to version 3.9.5 or later.
What are the risks associated with CVE-2012-2088?
The risks of CVE-2012-2088 include potential application crashes and arbitrary code execution from processing specially crafted TIFF images.
Which versions of libtiff are affected by CVE-2012-2088?
CVE-2012-2088 affects all versions of libtiff up to and including 3.9.4 and several 3.4 versions.
Is there a workaround for CVE-2012-2088?
A viable workaround for CVE-2012-2088 is to avoid opening untrusted TIFF files.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-2088
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/libtiff
- canonical/tiff
- version/tiff/3.9.4
- version/tiff/3.4
- version/tiff/3.4-beta18
- version/tiff/3.4-beta24
- version/tiff/3.4-beta28
- version/tiff/3.4-beta29
- version/tiff/3.4-beta31
- version/tiff/3.4-beta32
- version/tiff/3.4-beta34
- version/tiff/3.4-beta35
- version/tiff/3.4-beta36
- version/tiff/3.4-beta37
- version/tiff/3.5.1
- version/tiff/3.5.2
- version/tiff/3.5.3
- version/tiff/3.5.4
- version/tiff/3.5.5
- version/tiff/3.5.6
- version/tiff/3.5.6-beta
- version/tiff/3.5.7
- version/tiff/3.5.7-alpha
- version/tiff/3.5.7-alpha2
- version/tiff/3.5.7-alpha3
- version/tiff/3.5.7-alpha4
- version/tiff/3.5.7-beta
- version/tiff/3.6.0
- version/tiff/3.6.0-beta
- version/tiff/3.6.0-beta2
- version/tiff/3.6.1
- version/tiff/3.7.0
- version/tiff/3.7.0-alpha
- version/tiff/3.7.0-beta
- version/tiff/3.7.0-beta2
- version/tiff/3.7.1
- version/tiff/3.7.2
- version/tiff/3.7.3
- version/tiff/3.7.4
- version/tiff/3.8.0
- version/tiff/3.8.1
- version/tiff/3.8.2
- version/tiff/3.9
- version/tiff/3.9.0
- version/tiff/3.9.0-beta
- version/tiff/3.9.1
- version/tiff/3.9.2
- version/tiff/3.9.2-5.2.1
- version/tiff/3.9.3