CVE-2012-4447: Buffer Overflow
First published: Tue Sep 25 2012(Updated: )
A heap-based buffer overflow was found in the way libtiff, library for manipulating TIFF (Tagged Image File Format) image format files, processed certain TIFF images using PixarLog Compression format. An attacker could create a specially-crafted TIFF image that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tiff | <=4.0.2 | |
| tiff | =3.4 | |
| tiff | =3.4-beta18 | |
| tiff | =3.4-beta24 | |
| tiff | =3.4-beta28 | |
| tiff | =3.4-beta29 | |
| tiff | =3.4-beta31 | |
| tiff | =3.4-beta32 | |
| tiff | =3.4-beta34 | |
| tiff | =3.4-beta35 | |
| tiff | =3.4-beta36 | |
| tiff | =3.4-beta37 | |
| tiff | =3.5.1 | |
| tiff | =3.5.2 | |
| tiff | =3.5.3 | |
| tiff | =3.5.4 | |
| tiff | =3.5.5 | |
| tiff | =3.5.6 | |
| tiff | =3.5.6-beta | |
| tiff | =3.5.7 | |
| tiff | =3.5.7-alpha | |
| tiff | =3.5.7-alpha2 | |
| tiff | =3.5.7-alpha3 | |
| tiff | =3.5.7-alpha4 | |
| tiff | =3.5.7-beta | |
| tiff | =3.6.0 | |
| tiff | =3.6.0-beta | |
| tiff | =3.6.0-beta2 | |
| tiff | =3.6.1 | |
| tiff | =3.7.0 | |
| tiff | =3.7.0-alpha | |
| tiff | =3.7.0-beta | |
| tiff | =3.7.0-beta2 | |
| tiff | =3.7.1 | |
| tiff | =3.7.2 | |
| tiff | =3.7.3 | |
| tiff | =3.7.4 | |
| tiff | =3.8.0 | |
| tiff | =3.8.1 | |
| tiff | =3.8.2 | |
| tiff | =3.9 | |
| tiff | =3.9.0 | |
| tiff | =3.9.0-beta | |
| tiff | =3.9.1 | |
| tiff | =3.9.2 | |
| tiff | =3.9.2-5.2.1 | |
| tiff | =3.9.3 | |
| tiff | =3.9.4 | |
| tiff | =3.9.5 | |
| tiff | =4.0 | |
| tiff | =4.0-alpha | |
| tiff | =4.0-beta1 | |
| tiff | =4.0-beta2 | |
| tiff | =4.0-beta3 | |
| tiff | =4.0-beta4 | |
| tiff | =4.0-beta5 | |
| tiff | =4.0-beta6 | |
| tiff | =4.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html
- http://rhn.redhat.com/errata/RHSA-2012-1590.html
- http://secunia.com/advisories/49938
- http://secunia.com/advisories/51049
- http://www.debian.org/security/2012/dsa-2561
- http://www.openwall.com/lists/oss-security/2012/09/25/14
- http://www.openwall.com/lists/oss-security/2012/09/25/9
- http://www.remotesensing.org/libtiff/v4.0.3.html
- http://www.securityfocus.com/bid/55673
- http://www.ubuntu.com/usn/USN-1631-1
- https://bugzilla.redhat.com/show_bug.cgi?id=860198
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=616925&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=616925&action=edit
- https://access.redhat.com/security/cve/CVE-2012-4447
- http://seclists.org/oss-sec/2012/q3/563
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=880907
- https://rhn.redhat.com/errata/RHSA-2012-1590.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=889443
Frequently Asked Questions
What is the severity of CVE-2012-4447?
CVE-2012-4447 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2012-4447?
To fix CVE-2012-4447, you should upgrade to a version of libtiff that is newer than 4.0.2 or 3.9.5.
What types of software are affected by CVE-2012-4447?
CVE-2012-4447 affects various versions of the libtiff library used for handling TIFF image files.
What kind of attacks can exploit CVE-2012-4447?
Attackers can exploit CVE-2012-4447 by crafting malicious TIFF images that may lead to application crashes or arbitrary code execution.
Is CVE-2012-4447 still relevant today?
Yes, CVE-2012-4447 remains relevant as outdated systems or applications using vulnerable libtiff versions can still be targeted.
- collector/redhat-bugzilla
- alias/CVE-2012-4447
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/libtiff
- canonical/tiff
- version/tiff/4.0.2
- version/tiff/3.4
- version/tiff/3.4-beta18
- version/tiff/3.4-beta24
- version/tiff/3.4-beta28
- version/tiff/3.4-beta29
- version/tiff/3.4-beta31
- version/tiff/3.4-beta32
- version/tiff/3.4-beta34
- version/tiff/3.4-beta35
- version/tiff/3.4-beta36
- version/tiff/3.4-beta37
- version/tiff/3.5.1
- version/tiff/3.5.2
- version/tiff/3.5.3
- version/tiff/3.5.4
- version/tiff/3.5.5
- version/tiff/3.5.6
- version/tiff/3.5.6-beta
- version/tiff/3.5.7
- version/tiff/3.5.7-alpha
- version/tiff/3.5.7-alpha2
- version/tiff/3.5.7-alpha3
- version/tiff/3.5.7-alpha4
- version/tiff/3.5.7-beta
- version/tiff/3.6.0
- version/tiff/3.6.0-beta
- version/tiff/3.6.0-beta2
- version/tiff/3.6.1
- version/tiff/3.7.0
- version/tiff/3.7.0-alpha
- version/tiff/3.7.0-beta
- version/tiff/3.7.0-beta2
- version/tiff/3.7.1
- version/tiff/3.7.2
- version/tiff/3.7.3
- version/tiff/3.7.4
- version/tiff/3.8.0
- version/tiff/3.8.1
- version/tiff/3.8.2
- version/tiff/3.9
- version/tiff/3.9.0
- version/tiff/3.9.0-beta
- version/tiff/3.9.1
- version/tiff/3.9.2
- version/tiff/3.9.2-5.2.1
- version/tiff/3.9.3
- version/tiff/3.9.4
- version/tiff/3.9.5
- version/tiff/4.0
- version/tiff/4.0-alpha
- version/tiff/4.0-beta1
- version/tiff/4.0-beta2
- version/tiff/4.0-beta3
- version/tiff/4.0-beta4
- version/tiff/4.0-beta5
- version/tiff/4.0-beta6
- version/tiff/4.0.1