CVE-2012-4564: Buffer Overflow
First published: Wed Oct 31 2012(Updated: )
A flaw was found in the way ppm2tiff, a tool to create a TIFF file from PPM, PGM and PBM image files, did not check the return value of TIFFScanlineSize() function. When TIFFScanlineSize encountered an integer-overflow and returned zero, this value was not checked. A remote attacker could provide a specially-crafted PPM image format file, that when processed by ppm2tiff would lead to ppm2tiff executable crash or, potentially, arbitrary code execution with the privileges of the user running the ppm2tiff binary.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libtiff Libtiff | <=4.0.3 | |
| Debian Debian Linux | =6.0 | |
| Debian Debian Linux | =7.0 | |
| Canonical Ubuntu Linux | =8.04 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =11.10 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =12.10 | |
| Redhat Enterprise Linux Desktop | =5.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Eus | =6.3 | |
| Redhat Enterprise Linux Server | =5.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Workstation | =5.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| openSUSE openSUSE | =11.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=635949&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=635949&action=edit
- https://access.redhat.com/security/cve/CVE-2012-4564
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=880907
- https://rhn.redhat.com/errata/RHSA-2012-1590.html
- https://bugzilla.redhat.com/show_bug.cgi?id=871700
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html
- http://rhn.redhat.com/errata/RHSA-2012-1590.html
- http://secunia.com/advisories/51133
- http://www.debian.org/security/2012/dsa-2575
- http://www.openwall.com/lists/oss-security/2012/11/02/3
- http://www.openwall.com/lists/oss-security/2012/11/02/7
- http://www.osvdb.org/86878
- http://www.securityfocus.com/bid/56372
- http://www.ubuntu.com/usn/USN-1631-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79750
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/severity
- agent/remedy
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-4564
- vendor/libtiff
- canonical/libtiff libtiff
- version/libtiff libtiff/4.0.3
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/6.0
- version/debian debian linux/7.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/8.04
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/11.10
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/12.10
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/6.3
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/5.0
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/5.0
- version/redhat enterprise linux workstation/6.0
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/11.4