CVE-2011-1167
Published 2011-03-28
CVE-2011-1167: Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary…
Priority P341 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
6.23%
92.7th percentile
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.4-9 (bookworm) | tiff 3.9.4-9 (bookworm) |
| libtiff | libtiff | <= 3.9.4 | — |
| libtiff | libtiff | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 MEDIUM
vendor_debian · 6.8 MEDIUM
vendor_redhat · 6.8 MEDIUM
GHSA
GHSA-p8f5-w48m-rr6p: Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder
ghsa_unreviewed·2022-05-14
CVE-2011-1167 [MEDIUM] CWE-119 GHSA-p8f5-w48m-rr6p: Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder
OSV
CVE-2011-1167: Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder
osv·2011-03-28·CVSS 6.8
CVE-2011-1167 [MEDIUM] CVE-2011-1167: Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder
Ubuntu
tiff vulnerability
vendor_ubuntu·2011-04-04
CVE-2011-1167 tiff vulnerability
Title: tiff vulnerability
Summary: Certain applications could be made to run programs as your login if they
opened a specially crafted TIFF file.
Martin Barbella discovered that the thunder (aka ThunderScan) decoder in
the TIFF library incorrectly handled an unexpected BitsPerSample value. If
a user or automated system were tricked into opening a specially crafted
TIFF image, a remote attacker could execute arbitrary code with user
privileges, or crash the application, leading to a denial of service.
Instructions: After a standard system update you need to restart your session to make
all the necessary changes.
Red Hat
libtiff: heap-based buffer overflow in thunder decoder (ZDI-11-107)
vendor_redhat·2011-03-21·CVSS 6.8
CVE-2011-1167 [MEDIUM] CWE-122 libtiff: heap-based buffer overflow in thunder decoder (ZDI-11-107)
Debian
CVE-2011-1167: tiff - Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thund...
vendor_debian·2011·CVSS 6.8
CVE-2011-1167 [MEDIUM] CVE-2011-1167: tiff - Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thund...
Scope: local
bookworm: resolved (fixed in 3.9.4-9)
bullseye: resolved (fixed in 3.9.4-9)
forky: resolved (fixed in 3.9.4-9)
sid: resolved (fixed in 3.9.4-9)
trixie: resolved (fixed in 3.9.4-9)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2983 Mozilla: Private data leakage using RegExp.input
bugzilla·2011-08-14·CVSS 4.3
CVE-2011-2983 [MEDIUM] CVE-2011-2983 Mozilla: Private data leakage using RegExp.input
Security researcher shutdown reported that data from other domains could be read when RegExp.input was set.
Discussion:
This is now public:
http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2011:1165 https://rhn.redhat.com/errata/RHSA-2011-1165.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Via RHSA-2011:1167 https://rhn.redhat.com/errata/RHSA-2011-1167.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:1164 https://rhn.redhat.com/errat
Bugzilla
CVE-2011-1167 libtiff: heap-based buffer overflow in thunder decoder (ZDI-CAN-1004) [fedora-all]
bugzilla·2011-03-21·CVSS 6.8
CVE-2011-1167 [MEDIUM] CVE-2011-1167 libtiff: heap-based buffer overflow in thunder decoder (ZDI-CAN-1004) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=684939
Please note: this
Bugzilla
CVE-2011-1167 libtiff: heap-based buffer overflow in thunder decoder (ZDI-11-107)
bugzilla·2011-03-14·CVSS 6.8
CVE-2011-1167 [MEDIUM] CVE-2011-1167 libtiff: heap-based buffer overflow in thunder decoder (ZDI-11-107)
A flaw was reported in libtiff's thunder decoder. The thunder decoder assumes 4 bits per pixel, but if a file has bitpersample set to a smaller value, or defaulted (1), then the allocated strip buffer will be too small, and a heap-based buffer overflow may occur. This could be used to crash an application linked to libtiff, or execute arbitrary code with the privileges of the application opening a malicious TIFF file.
Discussion:
This is CVE-2011-1167. Disclosure is set for March 21st.
---
This is now public:
http://bugzilla.maptools.org/show_bug.cgi?id=2300
http://www.zerodayinitiative.com/advisories/ZDI-11-107/
---
Created libtiff tracking bugs for this issue
Affects: fedora-all [bug 689574]
---
Cre
Published: 2011-03-28