CVE-2012-5581 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow9 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

1.6%

top 18.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedJan 4

Latest updateMay 17

Description

Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.1+27

▶debiandebian/tiff< tiff 4.0.2-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-jvhr-577x-xxvq: Stack-based buffer overflow in tif_dir↗2022-05-17

▶

OSV

CVE-2012-5581: Stack-based buffer overflow in tif_dir↗2013-01-04

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerability↗2012-12-05

▶

Red Hat

libtiff: Stack-based buffer overflow when reading a tiled tiff file↗2012-10-18

▶

Debian

CVE-2012-5581: tiff - Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote a...↗2012

▶

💬Community

Bugzilla

CVE-2012-4447 CVE-2012-5581 mingw-libtiff various flaws [fedora-all]↗2012-12-21

▶

Bugzilla

CVE-2012-4447 CVE-2012-3401 CVE-2012-5581 CVE-2012-4564 libtiff various flaws [fedora-all]↗2012-11-28

▶

Bugzilla

CVE-2012-5581 libtiff: Stack-based buffer overflow when reading a tiled tiff file↗2012-10-17

▶