CVE-2012-2113 — Integer Overflow or Wraparound in Tiff

CWE-189 CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow8 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

1.2%

top 21.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedJul 22

Latest updateMay 14

Description

Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.1+27

▶debiandebian/tiff< tiff 4.0.2-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-2mff-8r7p-g487: Multiple integer overflows in tiff2pdf in libtiff before 4↗2022-05-14

▶

OSV

CVE-2012-2113: Multiple integer overflows in tiff2pdf in libtiff before 4↗2012-07-22

▶

📋Vendor Advisories

Ubuntu

tiff vulnerabilities↗2012-07-05

▶

Red Hat

libtiff: integer overflow in tiff2pdf leading to heap-buffer overflow when reading a tiled tiff file↗2012-06-15

▶

Debian

CVE-2012-2113: tiff - Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote atta...↗2012

▶

💬Community

Bugzilla

CVE-2012-2113 CVE-2012-2088 libtiff various flaws [fedora-all]↗2012-06-18

▶

Bugzilla

CVE-2012-2113 libtiff: integer overflow in tiff2pdf leading to heap-buffer overflow when reading a tiled tiff file↗2012-04-06

▶