CVE-2012-4447 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow9 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

1.2%

top 21.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedOct 28

Latest updateMay 17

Description

Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.2+28

▶debiandebian/tiff< tiff 4.0.2-4 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-g87v-m6xq-4j4j: Heap-based buffer overflow in tif_pixarlog↗2022-05-17

▶

OSV

CVE-2012-4447: Heap-based buffer overflow in tif_pixarlog↗2012-10-28

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2012-11-15

▶

Red Hat

libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression↗2012-09-22

▶

Debian

CVE-2012-4447: tiff - Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remo...↗2012

▶

💬Community

Bugzilla

CVE-2012-4447 CVE-2012-5581 mingw-libtiff various flaws [fedora-all]↗2012-12-21

▶

Bugzilla

CVE-2012-4447 CVE-2012-3401 CVE-2012-5581 CVE-2012-4564 libtiff various flaws [fedora-all]↗2012-11-28

▶

Bugzilla

CVE-2012-4447 libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression↗2012-09-25

▶