CVE-2011-1167

Common Vulnerabilities and Exposures

Upstream information

CVE-2011-1167 at MITRE

Description

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 683337

SUSE Security Advisories:

SUSE-SR:2011:008, published Tue, 03 May 2011 11:00:00 +0000
SUSE-SR:2011:009, published Tue, 17 May 2011 10:00:00 +0000
openSUSE-SU-2011:0405-1, published Fri, 29 Apr 2011 08:08:16 +0200 (CEST)
openSUSE-SU-2011:0409-1, published Fri, 29 Apr 2011 09:08:12 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.2	`libtiff3-debuginfo >= 3.8.2-145.150.1` `libtiff3-debuginfo-32bit >= 3.8.2-145.150.1` `tiff-debuginfo >= 3.8.2-145.150.1` `tiff-debugsource >= 3.8.2-145.150.1`
openSUSE 11.2	`libtiff-devel >= 3.8.2-145.150.1` `libtiff-devel-32bit >= 3.8.2-145.150.1` `libtiff3 >= 3.8.2-145.150.1` `libtiff3-32bit >= 3.8.2-145.150.1` `tiff >= 3.8.2-145.150.1`
SUSE Linux Enterprise Desktop 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for x86	`libtiff >= 3.8.2-5.24.1` `libtiff-devel >= 3.8.2-5.24.1` `tiff >= 3.8.2-5.24.1`	sled10-sp4.x86 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ia64 sle10-sp4-sdk.x86-64 sles10-sp4.ppc sle10-sp4-sdk.ia64 sle10-sp4-sdk.s390x sled10-sp4.x86-64 sle10-sp4-sdk.x86 sles10-sp4.x86-64 sle10-sp4-sdk.ppc ZYPP Patch Nr: 7474
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T	`libtiff >= 3.8.2-5.24.1` `libtiff-32bit >= 3.8.2-5.24.1` `libtiff-devel >= 3.8.2-5.24.1` `tiff >= 3.8.2-5.24.1`	sled10-sp4.x86 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ia64 sle10-sp4-sdk.x86-64 sles10-sp4.ppc sle10-sp4-sdk.ia64 sle10-sp4-sdk.s390x sled10-sp4.x86-64 sle10-sp4-sdk.x86 sles10-sp4.x86-64 sle10-sp4-sdk.ppc ZYPP Patch Nr: 7474
SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for x86	`libtiff-devel >= 3.8.2-5.24.1`	sled10-sp4.x86 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ia64 sle10-sp4-sdk.x86-64 sles10-sp4.ppc sle10-sp4-sdk.ia64 sle10-sp4-sdk.s390x sled10-sp4.x86-64 sle10-sp4-sdk.x86 sles10-sp4.x86-64 sle10-sp4-sdk.ppc ZYPP Patch Nr: 7474
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries	`libtiff-devel >= 3.8.2-5.24.1` `libtiff-devel-64bit >= 3.8.2-5.24.1`	sled10-sp4.x86 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ia64 sle10-sp4-sdk.x86-64 sles10-sp4.ppc sle10-sp4-sdk.ia64 sle10-sp4-sdk.s390x sled10-sp4.x86-64 sle10-sp4-sdk.x86 sles10-sp4.x86-64 sle10-sp4-sdk.ppc ZYPP Patch Nr: 7474
SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for X86-64	`libtiff-devel >= 3.8.2-5.24.1` `libtiff-devel-32bit >= 3.8.2-5.24.1`	sled10-sp4.x86 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ia64 sle10-sp4-sdk.x86-64 sles10-sp4.ppc sle10-sp4-sdk.ia64 sle10-sp4-sdk.s390x sled10-sp4.x86-64 sle10-sp4-sdk.x86 sles10-sp4.x86-64 sle10-sp4-sdk.ppc ZYPP Patch Nr: 7474
SUSE Linux Enterprise Server 10 SP4 for IPF	`libtiff >= 3.8.2-5.24.1` `libtiff-devel >= 3.8.2-5.24.1` `libtiff-x86 >= 3.8.2-5.24.1` `tiff >= 3.8.2-5.24.1`	sled10-sp4.x86 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ia64 sle10-sp4-sdk.x86-64 sles10-sp4.ppc sle10-sp4-sdk.ia64 sle10-sp4-sdk.s390x sled10-sp4.x86-64 sle10-sp4-sdk.x86 sles10-sp4.x86-64 sle10-sp4-sdk.ppc ZYPP Patch Nr: 7474
SUSE Linux Enterprise Server 10 SP4 for IBM POWER	`libtiff >= 3.8.2-5.24.1` `libtiff-64bit >= 3.8.2-5.24.1` `libtiff-devel >= 3.8.2-5.24.1` `libtiff-devel-64bit >= 3.8.2-5.24.1` `tiff >= 3.8.2-5.24.1`	sled10-sp4.x86 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ia64 sle10-sp4-sdk.x86-64 sles10-sp4.ppc sle10-sp4-sdk.ia64 sle10-sp4-sdk.s390x sled10-sp4.x86-64 sle10-sp4-sdk.x86 sles10-sp4.x86-64 sle10-sp4-sdk.ppc ZYPP Patch Nr: 7474
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit	`libtiff >= 3.8.2-5.24.1` `libtiff-32bit >= 3.8.2-5.24.1` `libtiff-devel >= 3.8.2-5.24.1` `libtiff-devel-32bit >= 3.8.2-5.24.1` `tiff >= 3.8.2-5.24.1`	sled10-sp4.x86 sles10-sp4.x86 sles10-sp4.s390x sles10-sp4.ia64 sle10-sp4-sdk.x86-64 sles10-sp4.ppc sle10-sp4-sdk.ia64 sle10-sp4-sdk.s390x sled10-sp4.x86-64 sle10-sp4-sdk.x86 sles10-sp4.x86-64 sle10-sp4-sdk.ppc ZYPP Patch Nr: 7474
SUSE Linux Enterprise SDK 10 SP3	`libtiff-devel >= 3.8.2-5.24.1`	sles10-sp3.ppc sles10-sp3.ia64 sle10-sp3-sdk.ppc sles10-sp3.x86-64 sle10-sp3-sdk.x86 sles10-sp3.s390x sles10-sp3.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.s390x ZYPP Patch Nr: 7473
SUSE Linux Enterprise SDK 10 SP3	`libtiff-devel >= 3.8.2-5.24.1` `libtiff-devel-64bit >= 3.8.2-5.24.1`	sles10-sp3.ppc sles10-sp3.ia64 sle10-sp3-sdk.ppc sles10-sp3.x86-64 sle10-sp3-sdk.x86 sles10-sp3.s390x sles10-sp3.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.s390x ZYPP Patch Nr: 7473
SUSE Linux Enterprise SDK 10 SP3	`libtiff-devel >= 3.8.2-5.24.1` `libtiff-devel-32bit >= 3.8.2-5.24.1`	sles10-sp3.ppc sles10-sp3.ia64 sle10-sp3-sdk.ppc sles10-sp3.x86-64 sle10-sp3-sdk.x86 sles10-sp3.s390x sles10-sp3.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.s390x ZYPP Patch Nr: 7473
SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3	`libtiff >= 3.8.2-5.24.1` `libtiff-32bit >= 3.8.2-5.24.1` `libtiff-devel >= 3.8.2-5.24.1` `libtiff-devel-32bit >= 3.8.2-5.24.1` `tiff >= 3.8.2-5.24.1`	sles10-sp3.ppc sles10-sp3.ia64 sle10-sp3-sdk.ppc sles10-sp3.x86-64 sle10-sp3-sdk.x86 sles10-sp3.s390x sles10-sp3.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.s390x ZYPP Patch Nr: 7473
SUSE Linux Enterprise Server 10 SP3	`libtiff >= 3.8.2-5.24.1` `libtiff-devel >= 3.8.2-5.24.1` `tiff >= 3.8.2-5.24.1`	sles10-sp3.ppc sles10-sp3.ia64 sle10-sp3-sdk.ppc sles10-sp3.x86-64 sle10-sp3-sdk.x86 sles10-sp3.s390x sles10-sp3.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.s390x ZYPP Patch Nr: 7473
SUSE Linux Enterprise Server 10 SP3	`libtiff >= 3.8.2-5.24.1` `libtiff-devel >= 3.8.2-5.24.1` `libtiff-x86 >= 3.8.2-5.24.1` `tiff >= 3.8.2-5.24.1`	sles10-sp3.ppc sles10-sp3.ia64 sle10-sp3-sdk.ppc sles10-sp3.x86-64 sle10-sp3-sdk.x86 sles10-sp3.s390x sles10-sp3.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.s390x ZYPP Patch Nr: 7473
SUSE Linux Enterprise Server 10 SP3	`libtiff >= 3.8.2-5.24.1` `libtiff-64bit >= 3.8.2-5.24.1` `libtiff-devel >= 3.8.2-5.24.1` `libtiff-devel-64bit >= 3.8.2-5.24.1` `tiff >= 3.8.2-5.24.1`	sles10-sp3.ppc sles10-sp3.ia64 sle10-sp3-sdk.ppc sles10-sp3.x86-64 sle10-sp3-sdk.x86 sles10-sp3.s390x sles10-sp3.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.s390x ZYPP Patch Nr: 7473
Open Enterprise Server	`libtiff >= 3.6.1-38.48` `tiff >= 3.6.1-38.48`	core9.s390 core9.x86-64 sles9-nlpos.x86 core9.ppc core9.s390x core9.x86 sles9-oes.x86 core9.ia64 YOU Patch Nr: 12702
openSUSE 11.3	`libtiff3-debuginfo >= 3.9.2-5.10.1` `libtiff3-debuginfo-32bit >= 3.9.2-5.10.1` `tiff-debuginfo >= 3.9.2-5.10.1` `tiff-debugsource >= 3.9.2-5.10.1`
openSUSE 11.3	`libtiff-devel >= 3.9.2-5.10.1` `libtiff-devel-32bit >= 3.9.2-5.10.1` `libtiff3 >= 3.9.2-5.10.1` `libtiff3-32bit >= 3.9.2-5.10.1` `tiff >= 3.9.2-5.10.1`
openSUSE 11.4 DEBUGINFO	`libtiff3-debuginfo >= 3.9.4-3.7.1` `libtiff3-debuginfo-32bit >= 3.9.4-3.7.1` `tiff-debuginfo >= 3.9.4-3.7.1` `tiff-debugsource >= 3.9.4-3.7.1`
openSUSE 11.4	`libtiff-devel >= 3.9.4-3.7.1` `libtiff-devel-32bit >= 3.9.4-3.7.1` `libtiff3 >= 3.9.4-3.7.1` `libtiff3-32bit >= 3.9.4-3.7.1` `tiff >= 3.9.4-3.7.1`
SLE 11 SP1 DEBUGINFO	`tiff-debuginfo >= 3.8.2-141.142.1` `tiff-debugsource >= 3.8.2-141.142.1`	sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sle11-sp1-sdk.ppc sles11-sp1.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86-64 sle11-sp1-sdk.x86-64 sled11-sp1.x86 SAT Patch Nr: 4397
SUSE Linux Enterprise Software Development Kit 11 SP1	`libtiff-devel >= 3.8.2-141.142.1`	sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sle11-sp1-sdk.ppc sles11-sp1.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86-64 sle11-sp1-sdk.x86-64 sled11-sp1.x86 SAT Patch Nr: 4397
SUSE Linux Enterprise Software Development Kit 11 SP1	`libtiff-devel >= 3.8.2-141.142.1` `libtiff-devel-32bit >= 3.8.2-141.142.1`	sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sle11-sp1-sdk.ppc sles11-sp1.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86-64 sle11-sp1-sdk.x86-64 sled11-sp1.x86 SAT Patch Nr: 4397
SUSE Linux Enterprise Desktop 11 SP1	`libtiff3 >= 3.8.2-141.142.1`	sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sle11-sp1-sdk.ppc sles11-sp1.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86-64 sle11-sp1-sdk.x86-64 sled11-sp1.x86 SAT Patch Nr: 4397
SUSE Linux Enterprise Desktop 11 SP1	`libtiff3 >= 3.8.2-141.142.1` `libtiff3-32bit >= 3.8.2-141.142.1`	sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sle11-sp1-sdk.ppc sles11-sp1.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86-64 sle11-sp1-sdk.x86-64 sled11-sp1.x86 SAT Patch Nr: 4397
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware	`libtiff3 >= 3.8.2-141.142.1` `tiff >= 3.8.2-141.142.1`	sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sle11-sp1-sdk.ppc sles11-sp1.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86-64 sle11-sp1-sdk.x86-64 sled11-sp1.x86 SAT Patch Nr: 4397
SUSE Linux Enterprise Server 11 SP1	`libtiff3 >= 3.8.2-141.142.1` `libtiff3-x86 >= 3.8.2-141.142.1` `tiff >= 3.8.2-141.142.1`	sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sle11-sp1-sdk.ppc sles11-sp1.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86-64 sle11-sp1-sdk.x86-64 sled11-sp1.x86 SAT Patch Nr: 4397
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware	`libtiff3 >= 3.8.2-141.142.1` `libtiff3-32bit >= 3.8.2-141.142.1` `tiff >= 3.8.2-141.142.1`	sle11-sp1-sdk.x86 sled11-sp1.x86-64 sles11-sp1.s390x sles11-sp1.ia64 sles11-sp1.x86 sles11-sp1-vmware.x86 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sle11-sp1-sdk.ppc sles11-sp1.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86-64 sle11-sp1-sdk.x86-64 sled11-sp1.x86 SAT Patch Nr: 4397

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy