CVE-2009-2347

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-2347 at MITRE

Description

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 519796, 616827

SUSE Security Advisories:

SUSE-SR:2009:014, published Tue, 01 Sep 2009 07:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 10.3	`libtiff-devel >= 3.8.2-68.7` `libtiff-devel-32bit >= 3.8.2-68.7` `libtiff-devel-64bit >= 3.8.2-68.7` `libtiff3 >= 3.8.2-68.7` `libtiff3-32bit >= 3.8.2-68.7` `libtiff3-64bit >= 3.8.2-68.7` `tiff >= 3.8.2-68.7`
Novell Linux Desktop 9 for x86 Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for x86	`libtiff >= 3.6.1-38.41` `tiff >= 3.6.1-38.41`	core9.ppc core9.x86-64 core9.s390 sles9-nld.x86 core9.s390x sles9-nlpos.x86 sles9-oes.x86 core9.x86 sles9-nld.x86-64 core9.ia64 YOU Patch Nr: 12470
SUSE CORE 9 for Itanium Processor Family	`libtiff >= 3.6.1-38.41` `libtiff-x86 >= 9-200908071506` `tiff >= 3.6.1-38.41`	core9.ppc core9.x86-64 core9.s390 sles9-nld.x86 core9.s390x sles9-nlpos.x86 sles9-oes.x86 core9.x86 sles9-nld.x86-64 core9.ia64 YOU Patch Nr: 12470
SUSE CORE 9 for IBM POWER	`libtiff >= 3.6.1-38.41` `libtiff-64bit >= 9-200908071517` `tiff >= 3.6.1-38.41`	core9.ppc core9.x86-64 core9.s390 sles9-nld.x86 core9.s390x sles9-nlpos.x86 sles9-oes.x86 core9.x86 sles9-nld.x86-64 core9.ia64 YOU Patch Nr: 12470
Novell Linux Desktop 9 for x86_64 SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM zSeries 64bit	`libtiff >= 3.6.1-38.41` `libtiff-32bit >= 9-200908071506` `tiff >= 3.6.1-38.41`	core9.ppc core9.x86-64 core9.s390 sles9-nld.x86 core9.s390x sles9-nlpos.x86 sles9-oes.x86 core9.x86 sles9-nld.x86-64 core9.ia64 YOU Patch Nr: 12470
SUSE CORE 9 for AMD64 and Intel EM64T	`libtiff >= 3.6.1-38.50` `tiff >= 3.6.1-38.50`	Builds YOU Patch Nr: 12741
SUSE Linux Enterprise Desktop 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP2 for x86	`libtiff >= 3.8.2-5.16` `libtiff-devel >= 3.8.2-5.16` `tiff >= 3.8.2-5.16`	sle10-sp2-sdk.x86-64 sles10-sp2.s390x sle10-sp2-sdk.ia64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86 sled10-sp2.x86-64 sles10-sp2.ia64 sles10-sp2.ppc sles10-sp2.x86 sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.s390x ZYPP Patch Nr: 6407
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T	`libtiff >= 3.8.2-5.16` `libtiff-32bit >= 3.8.2-5.16` `libtiff-devel >= 3.8.2-5.16` `tiff >= 3.8.2-5.16`	sle10-sp2-sdk.x86-64 sles10-sp2.s390x sle10-sp2-sdk.ia64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86 sled10-sp2.x86-64 sles10-sp2.ia64 sles10-sp2.ppc sles10-sp2.x86 sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.s390x ZYPP Patch Nr: 6407
SUSE Linux Enterprise Server 10 SP2 for IPF	`libtiff >= 3.8.2-5.16` `libtiff-devel >= 3.8.2-5.16` `libtiff-x86 >= 3.8.2-5.16` `tiff >= 3.8.2-5.16`	sle10-sp2-sdk.x86-64 sles10-sp2.s390x sle10-sp2-sdk.ia64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86 sled10-sp2.x86-64 sles10-sp2.ia64 sles10-sp2.ppc sles10-sp2.x86 sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.s390x ZYPP Patch Nr: 6407
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`libtiff >= 3.8.2-5.16` `libtiff-64bit >= 3.8.2-5.16` `libtiff-devel >= 3.8.2-5.16` `libtiff-devel-64bit >= 3.8.2-5.16` `tiff >= 3.8.2-5.16`	sle10-sp2-sdk.x86-64 sles10-sp2.s390x sle10-sp2-sdk.ia64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86 sled10-sp2.x86-64 sles10-sp2.ia64 sles10-sp2.ppc sles10-sp2.x86 sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.s390x ZYPP Patch Nr: 6407
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`libtiff >= 3.8.2-5.16` `libtiff-32bit >= 3.8.2-5.16` `libtiff-devel >= 3.8.2-5.16` `libtiff-devel-32bit >= 3.8.2-5.16` `tiff >= 3.8.2-5.16`	sle10-sp2-sdk.x86-64 sles10-sp2.s390x sle10-sp2-sdk.ia64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86 sled10-sp2.x86-64 sles10-sp2.ia64 sles10-sp2.ppc sles10-sp2.x86 sled10-sp2.x86 sles10-sp2.x86-64 sle10-sp2-sdk.s390x ZYPP Patch Nr: 6407

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute