CVE-2012-4564Heap-based Buffer Overflow in Tiff

CWE-122Heap-based Buffer Overflow8 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
27.2%
top 3.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Debian TiffLibtiffCanonical Ubuntu Linux+6 more
Timeline
PublishedNov 11
Latest updateMay 13

Description

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages6 packages

debiandebian/tiff< tiff 4.0.2-5 (bookworm)
NVDlibtiff/libtiff4.0.3

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 10.04, 11.10, 12.04, 12.10, 8.04, Enterprise Linux 6.3

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-x7qp-frp5-95fm: ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and poss2022-05-13
OSV
CVE-2012-4564: ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and poss2012-11-11

📋Vendor Advisories

3
Ubuntu
LibTIFF vulnerabilities2012-11-15
Red Hat
libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file2012-11-02
Debian
CVE-2012-4564: tiff - ppm2tiff does not check the return value of the TIFFScanlineSize function, which...2012

💬Community

2
Bugzilla
CVE-2012-4447 CVE-2012-3401 CVE-2012-5581 CVE-2012-4564 libtiff various flaws [fedora-all]2012-11-28
Bugzilla
CVE-2012-4564 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file2012-10-31
CVE-2012-4564 — Heap-based Buffer Overflow in Tiff | cvebase