CVE-2012-4564
Published 2012-11-11
Priority P3 · 41 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
13.52%
96.0th percentile
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tiff | < tiff 4.0.2-5 (bookworm) | tiff 4.0.2-5 (bookworm) |
| libtiff | libtiff | <= 4.0.3 | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
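| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 6.8 | MEDIUM | — |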
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2012-11-15·CVSS 6.8
CVE-2012-4447 [MEDIUM] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.
It was discovered that LibTIFF incorrectly handled certain malformed images
using the PixarLog compression format. If a user or automated system were
tricked into opening a specially crafted TIFF image, a remote attacker
could crash the application, leading to a denial of service, or possibly
execute arbitrary code with user privileges. (CVE-2012-4447)
Huzaifa S. Sidhpurwala discovered that the ppm2tiff tool incorrectly
handled certain malformed PPM images. If a user or automated system were
tricked into opening a specially crafted PPM image, a remote attacker could
crash the application, leading to a denial of service, or possibly execute
arbitrary
Red Hat
libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
vendor_redhat·2012-11-02·CVSS 6.8
CVE-2012-4564 [MEDIUM] CWE-122 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
Debian
CVE-2012-4564: tiff - ppm2tiff does not check the return value of the TIFFScanlineSize function, which...
vendor_debian·2012·CVSS 6.8
CVE-2012-4564 [MEDIUM] CVE-2012-4564: tiff - ppm2tiff does not check the return value of the TIFFScanlineSize function, which...
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 4.0.2-5)
bullseye: resolved (fixed in 4.0.2-5)
forky: resolved (fixed in 4.0.2-5)
sid: resolved (fixed in 4.0.2-5)
trixie: resolved (fixed in 4.0.2-5)
GHSA
GHSA-x7qp-frp5-95fm: ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and poss
ghsa_unreviewed·2022-05-13
CVE-2012-4564 [MEDIUM] GHSA-x7qp-frp5-95fm: ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and poss
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
OSV
CVE-2012-4564: ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and poss
osv·2012-11-11·CVSS 6.8
CVE-2012-4564 [MEDIUM] CVE-2012-4564: ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and poss
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-4447 CVE-2012-3401 CVE-2012-5581 CVE-2012-4564 libtiff various flaws [fedora-all]
bugzilla·2012-11-28·CVSS 6.8
CVE-2012-4447 [MEDIUM] CVE-2012-4447 CVE-2012-3401 CVE-2012-5581 CVE-2012-4564 libtiff various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: t
Bugzilla
CVE-2012-4564 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
bugzilla·2012-10-31·CVSS 6.8
CVE-2012-4564 [MEDIUM] CVE-2012-4564 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
A flaw was found in the way ppm2tiff, a tool to create a TIFF file from PPM, PGM and PBM image files, did not check the return value of the TIFFScanlineSize() function. When TIFFScanlineSize encountered an integer overflow and returned zero, this value was not checked. A remote attacker could provide a specially crafted PPM image format file that, when processed by ppm2tiff, would lead to a ppm2tiff executable crash or, potentially, arbitrary code execution with the privileges of the user running the ppm2tiff binary.
Discussion:
Analysis (I am using libtiff-4.0.3 as the base for the line numbers):
In ppm2tiff.c:241 the following code is used:
buf = (unsigned char *)_TIFFmall
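The missing check described in this report, shown as an added example that is not libtiff's code or part of the original bug report: a size helper that signals overflow by returning 0, and a caller that rejects that value before allocating. The names `model_scanline_size`, `read_row_checked` and `MODEL_SIZE_MAX` are hypothetical, and the 32-bit size limit is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: sizes are limited to a 32-bit signed range in this model. */
#define MODEL_SIZE_MAX ((uint64_t)INT32_MAX)

/* Hypothetical stand-in for a scanline-size helper (not libtiff's code):
 * bytes per row, or 0 when the result does not fit the size type. */
static size_t model_scanline_size(uint32_t width, uint16_t spp, uint16_t bps)
{
    uint64_t bits = (uint64_t)width * spp * bps; /* cannot wrap in 64 bits */
    uint64_t bytes = (bits + 7) / 8;
    return bytes > MODEL_SIZE_MAX ? 0 : (size_t)bytes;
}

/* Hardened caller: treats 0 as an error before allocating, and refuses
 * input shorter than one row. Returns NULL for any rejected input. */
static unsigned char *read_row_checked(const unsigned char *src, size_t src_len,
                                       uint32_t width, uint16_t spp,
                                       uint16_t bps, size_t *row_len)
{
    size_t linebytes = model_scanline_size(width, spp, bps);
    if (linebytes == 0)      /* the check the advisory says was missing */
        return NULL;
    if (src_len < linebytes) /* truncated pixel data */
        return NULL;
    unsigned char *buf = malloc(linebytes);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, linebytes);
    *row_len = linebytes;
    return buf;
}

int main(void)
{
    unsigned char pixels[12] = {0}; /* constructed 4x1 RGB, 8-bit row */
    size_t n = 0;
    unsigned char *row = read_row_checked(pixels, sizeof pixels, 4, 3, 8, &n);
    printf("normal row: %s (%zu bytes)\n", row ? "accepted" : "rejected", n);
    free(row);
    row = read_row_checked(pixels, sizeof pixels, 0xFFFFFFFFu, 3, 16, &n);
    printf("oversized header: %s\n", row ? "accepted" : "rejected");
    free(row);
    return 0;
}
```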
References
http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html
http://rhn.redhat.com/errata/RHSA-2012-1590.html
http://secunia.com/advisories/51133
http://www.debian.org/security/2012/dsa-2575
http://www.openwall.com/lists/oss-security/2012/11/02/3
http://www.openwall.com/lists/oss-security/2012/11/02/7
http://www.osvdb.org/86878
http://www.securityfocus.com/bid/56372
http://www.ubuntu.com/usn/USN-1631-1
https://bugzilla.redhat.com/show_bug.cgi?id=871700
https://exchange.xforce.ibmcloud.com/vulnerabilities/79750