CVE-2009-2285
Published 2009-07-01
Priority: P425, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 8.00% (94.0th percentile)
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.8.2-12 (bookworm) | tiff 3.8.2-12 (bookworm) |
| libtiff | libtiff | — | — |
CVSS provenance
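| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | LOW | |
| vendor_redhat | | 6.8 | MEDIUM | |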
Ubuntu
tiff vulnerability
vendor_ubuntu·2009-07-06
It was discovered that the TIFF library did not correctly handle certain
malformed TIFF images. If a user or automated system were tricked into
processing a malicious image, a remote attacker could cause an application
linked against libtiff to crash, leading to a denial of service.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
libtiff: LZWDecodeCompat underflow
vendor_redhat·2009-01-03·CVSS 6.8
CVE-2009-2285 [MEDIUM] libtiff: LZWDecodeCompat underflow
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Debian
CVE-2009-2285: tiff - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context...
vendor_debian·2009·CVSS 6.8
CVE-2009-2285 [MEDIUM] CVE-2009-2285: tiff - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context...
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Scope: local
bookworm: resolved (fixed in 3.8.2-12)
bullseye: resolved (fixed in 3.8.2-12)
forky: resolved (fixed in 3.8.2-12)
sid: resolved (fixed in 3.8.2-12)
trixie: resolved (fixed in 3.8.2-12)
GHSA
GHSA-ggpg-hpjr-gqrh: Buffer underflow in the LZWDecodeCompat function in libtiff 3
ghsa_unreviewed·2022-05-02·CVSS 6.8
CVE-2009-2285 [MEDIUM] CWE-119 GHSA-ggpg-hpjr-gqrh: Buffer underflow in the LZWDecodeCompat function in libtiff 3
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
OSV
CVE-2009-2285: Buffer underflow in the LZWDecodeCompat function in libtiff 3
osv·2009-07-01·CVSS 6.8
CVE-2009-2285 [MEDIUM] CVE-2009-2285: Buffer underflow in the LZWDecodeCompat function in libtiff 3
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
No detection rules found.
Exploit-DB
LibTIFF - 'LZWDecodeCompat()' Remote Buffer Underflow
exploitdb·2009-11-12
CVE-2009-2285 LibTIFF - 'LZWDecodeCompat()' Remote Buffer Underflow
---
Bugtraq ID: 35451
Class: Boundary Condition Error
Published: Jun 21 2009 12:00AM
Updated: Nov 12 2009 06:46PM
Credit: wololo
Vulnerable: Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubun
Exploit-DB
LibTIFF 3.8.2 - 'LZWDecodeCompat()' Remote Buffer Underflow
exploitdb·2009-05-21
CVE-2009-2285 LibTIFF 3.8.2 - 'LZWDecodeCompat()' Remote Buffer Underflow
---
source: https://www.securityfocus.com/bid/35451/info
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.
LibTIFF 3.8.2 is vulnerable; other versions may be affected as well.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/33049.zip
arXiv
ShadowBound: Efficient Heap Memory Protection Through Advanced Metadata Management and Customized Compiler Optimization
arxiv_fulltext·2024-09-23
Zheng Yu
Northwestern University
Ganxiang Yang
Northwestern University
Xinyu Xing
Northwestern University
### Abstract
In software development, the prevalence of unsafe languages such as C and C++ introduces potential vulnerabilities, especially within the heap, a pivotal component for dynamic memory allocation. Despite its significance, heap management complexities have made heap corruption pervasive, posing severe threats to system security. While prior solutions aiming for temporal and spatial memory safety exhibit overheads deemed impractical, we present ShadowBound, a unique heap memory protection design. At its core, ShadowBound is an efficient out-of-bounds defe
Bugzilla
CVE-2009-2285 libtiff: LZWDecodeCompat underflow
bugzilla·2009-07-13·CVSS 4.3
CVE-2009-2285 [MEDIUM] CVE-2009-2285 libtiff: LZWDecodeCompat underflow
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in all affected branches.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.
bug #507465: CVE-2009-2285 libtiff: LZWDecodeCompat underflow
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available and only close this bug once all affected Fedora versions are fixed.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=507465
Discussion:
http://c
Bugzilla
CVE-2009-2285 libtiff: LZWDecodeCompat underflow
bugzilla·2009-06-22·CVSS 6.8
CVE-2009-2285 [MEDIUM] CVE-2009-2285 libtiff: LZWDecodeCompat underflow
A crafted TIFF can crash libtiff in LZWDecodeCompat via underflow (different
from CVE-2008-2327).
Discussions and an analysis are at:
http://www.lan.st/showthread.php?t=1856&page=3
https://bugs.launchpad.net/bugs/380149
It is reported upstream with patch at
http://bugzilla.maptools.org/show_bug.cgi?id=2065
Discussion:
Note that there are two related bugs with two individual patches, the first reported Jan 2009 that indicates it resolves the root cause of the underflow rather than the infinite loop when it comes up. The older bug report is here:
http://bugzilla.maptools.org/show_bug.cgi?id=1985
with the patch for bug #1985 being: http://bugzilla.maptools.org/attachment.cgi?id=279
vs the patch for bug #2065 being: http://bugzilla.mapt
http://bugzilla.maptools.org/show_bug.cgi?id=2065
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
http://secunia.com/advisories/35695
http://secunia.com/advisories/35716
http://secunia.com/advisories/35866
http://secunia.com/advisories/35883
http://secunia.com/advisories/35912
http://secunia.com/advisories/36194
http://secunia.com/advisories/36831
http://secunia.com/advisories/38241
http://secunia.com/advisories/39135
http://security.gentoo.org/glsa/glsa-200908-03.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1
http://support.apple.com/kb/HT3937
http://support.apple.com/kb/HT4004
http://support.apple.com/kb/HT4013
http://support.apple.com/kb/HT4070
http://support.apple.com/kb/HT4105
http://www.debian.org/security/2009/dsa-1835
http://www.lan.st/showthread.php?t=1856&page=3
http://www.openwall.com/lists/oss-security/2009/06/22/1
http://www.openwall.com/lists/oss-security/2009/06/23/1
http://www.openwall.com/lists/oss-security/2009/06/29/5
http://www.redhat.com/support/errata/RHSA-2009-1159.html
http://www.vupen.com/english/advisories/2009/1637
http://www.vupen.com/english/advisories/2009/2727
http://www.vupen.com/english/advisories/2009/3184
http://www.vupen.com/english/advisories/2010/0173
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049
https://usn.ubuntu.com/797-1/
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html