What is the severity of CVE-2012-4564?

CVE-2012-4564 is considered a moderate severity vulnerability due to potential exploitation risks.

How do I fix CVE-2012-4564?

To mitigate CVE-2012-4564, update the libtiff package to a version that is above 4.0.3.

What are the affected software versions for CVE-2012-4564?

CVE-2012-4564 affects libtiff versions up to 4.0.3 and several versions of Debian and Ubuntu Linux.

Can CVE-2012-4564 be exploited remotely?

Yes, CVE-2012-4564 can potentially be exploited by remote attackers through specially crafted image files.

What function is responsible for the vulnerability in CVE-2012-4564?

The vulnerability in CVE-2012-4564 is due to improper handling of the return value from the TIFFScanlineSize() function.

Vulnerability/
CVE-2012-4564

medium

6.8

CWE

119 190

31/10/2012

11/11/2012

6/8/2024

CVE-2012-4564: Buffer Overflow

First published: Wed Oct 31 2012(Updated: )

A flaw was found in the way ppm2tiff, a tool to create a TIFF file from PPM, PGM and PBM image files, did not check the return value of TIFFScanlineSize() function. When TIFFScanlineSize encountered an integer-overflow and returned zero, this value was not checked. A remote attacker could provide a specially-crafted PPM image format file, that when processed by ppm2tiff would lead to ppm2tiff executable crash or, potentially, arbitrary code execution with the privileges of the user running the ppm2tiff binary.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
TIFF	<=4.0.3
Debian Linux	=6.0
Debian Linux	=7.0
Ubuntu	=8.04
Ubuntu	=10.04
Ubuntu	=11.10
Ubuntu	=12.04
Ubuntu	=12.10
Red Hat Enterprise Linux Desktop	=5.0
Red Hat Enterprise Linux Desktop	=6.0
Red Hat Enterprise Linux Server EUS	=6.3
Red Hat Enterprise Linux Server	=5.0
Red Hat Enterprise Linux Server	=6.0
Red Hat Enterprise Linux Workstation	=5.0
Red Hat Enterprise Linux Workstation	=6.0
openSUSE	=11.4

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=871700

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4564?
CVE-2012-4564 is considered a moderate severity vulnerability due to potential exploitation risks.
How do I fix CVE-2012-4564?
To mitigate CVE-2012-4564, update the libtiff package to a version that is above 4.0.3.
What are the affected software versions for CVE-2012-4564?
CVE-2012-4564 affects libtiff versions up to 4.0.3 and several versions of Debian and Ubuntu Linux.
Can CVE-2012-4564 be exploited remotely?
Yes, CVE-2012-4564 can potentially be exploited by remote attackers through specially crafted image files.
What function is responsible for the vulnerability in CVE-2012-4564?
The vulnerability in CVE-2012-4564 is due to improper handling of the return value from the TIFFScanlineSize() function.

agent/weakness
agent/type
agent/first-publish-date
agent/references
agent/severity
agent/remedy
agent/author
agent/description
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-4564
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/libtiff
canonical/tiff
version/tiff/4.0.3
vendor/debian
canonical/debian linux
version/debian linux/6.0
version/debian linux/7.0
vendor/canonical
canonical/ubuntu
version/ubuntu/8.04
version/ubuntu/10.04
version/ubuntu/11.10
version/ubuntu/12.04
version/ubuntu/12.10
vendor/redhat
canonical/red hat enterprise linux desktop
version/red hat enterprise linux desktop/5.0
version/red hat enterprise linux desktop/6.0
canonical/red hat enterprise linux server eus
version/red hat enterprise linux server eus/6.3
canonical/red hat enterprise linux server
version/red hat enterprise linux server/5.0
version/red hat enterprise linux server/6.0
canonical/red hat enterprise linux workstation
version/red hat enterprise linux workstation/5.0
version/red hat enterprise linux workstation/6.0
vendor/opensuse
canonical/opensuse
version/opensuse/11.4