CVE-2012-5581
published 2013-01-04
CVE-2012-5581: Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary…
Priority P3 · 35 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
4.25%
89.8th percentile
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 4.0.2-1 (bookworm) | tiff 4.0.2-1 (bookworm) |
| libtiff | libtiff | <= 4.0.1 | — |
| libtiff | libtiff | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 MEDIUM
vendor_debian · 6.8 MEDIUM
vendor_redhat · 6.8 MEDIUM
GHSA
GHSA-jvhr-577x-xxvq: Stack-based buffer overflow in tif_dir
ghsa_unreviewed·2022-05-17
CVE-2012-5581 [MEDIUM] CWE-119 GHSA-jvhr-577x-xxvq: Stack-based buffer overflow in tif_dir
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
OSV
CVE-2012-5581: Stack-based buffer overflow in tif_dir
osv·2013-01-04·CVSS 6.8
CVE-2012-5581 [MEDIUM] CVE-2012-5581: Stack-based buffer overflow in tif_dir
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
Ubuntu
LibTIFF vulnerability
vendor_ubuntu·2012-12-05
CVE-2012-5581 LibTIFF vulnerability
Title: LibTIFF vulnerability
Summary: Programs that use LibTIFF could be made to crash or run programs if they
opened a specially crafted file.
It was discovered that LibTIFF incorrectly handled certain malformed
images using the DOTRANGE tag. If a user or automated system were
tricked into opening a specially crafted TIFF image, a remote attacker
could crash the application, leading to a denial of service, or possibly
execute arbitrary code with user privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libtiff: Stack-based buffer overflow when reading a tiled tiff file
vendor_redhat·2012-10-18·CVSS 6.8
CVE-2012-5581 [MEDIUM] CWE-121 libtiff: Stack-based buffer overflow when reading a tiled tiff file
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
Debian
CVE-2012-5581: tiff - Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote a...
vendor_debian·2012·CVSS 6.8
CVE-2012-5581 [MEDIUM] CVE-2012-5581: tiff - Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote a...
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.2-1)
bullseye: resolved (fixed in 4.0.2-1)
forky: resolved (fixed in 4.0.2-1)
sid: resolved (fixed in 4.0.2-1)
trixie: resolved (fixed in 4.0.2-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-4447 CVE-2012-5581 mingw-libtiff various flaws [fedora-all]
bugzilla·2012-12-21·CVSS 6.8
CVE-2012-4447 [MEDIUM] CVE-2012-4447 CVE-2012-5581 mingw-libtiff various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects mult
Bugzilla
CVE-2012-4447 CVE-2012-3401 CVE-2012-5581 CVE-2012-4564 libtiff various flaws [fedora-all]
bugzilla·2012-11-28·CVSS 6.8
CVE-2012-4447 [MEDIUM] CVE-2012-4447 CVE-2012-3401 CVE-2012-5581 CVE-2012-4564 libtiff various flaws [fedora-all]
Bugzilla
CVE-2012-5581 libtiff: Stack-based buffer overflow when reading a tiled tiff file
bugzilla·2012-10-17·CVSS 6.8
CVE-2012-5581 [MEDIUM] CVE-2012-5581 libtiff: Stack-based buffer overflow when reading a tiled tiff file
A stack-based buffer overflow was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file
that, when opened, would cause an application linked against libtiff to crash
or, possibly, execute arbitrary code.
This issue is fixed in libtiff-4.0.2
Discussion:
(In reply to comment #5)
> Yeah. I see that libtiff 4.0.x has completely rewritten the special cases
> for DOTRANGE, but it's not clear whether that dodges this problem or not --
Turns out that indeed 4.0.3 does not crash. It looks like these upstream commits were specifically intended to repair this type of problem:
2012-06-06 00:56:01 fwarmerdam
* ChangeLog, libtiff/tif_dir.c: avoid spec
References
http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html
http://rhn.redhat.com/errata/RHSA-2012-1590.html
http://secunia.com/advisories/51491
http://www.debian.org/security/2012/dsa-2589
http://www.openwall.com/lists/oss-security/2012/11/28/1
http://www.securityfocus.com/bid/56715
http://www.ubuntu.com/usn/USN-1655-1
https://bugzilla.redhat.com/show_bug.cgi?id=867235
https://exchange.xforce.ibmcloud.com/vulnerabilities/80339
Published 2013-01-04