CVE-2012-3401

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-3401 at MITRE

Description

The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 770816

SUSE Security Advisories:

openSUSE-SU-2012:0955-1, published Mon, 6 Aug 2012 12:08:41 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE CORE 9 for AMD64 and Intel EM64T	`libtiff >= 3.6.1-38.58` `libtiff-32bit >= 9-201207191441` `tiff >= 3.6.1-38.58`	Builds YOU Patch Nr: 12901
SLE 11 SP1 DEBUGINFO	`tiff-debuginfo >= 3.8.2-141.148.1` `tiff-debugsource >= 3.8.2-141.148.1`	sle11-sp1-sdk.x86-64 sle11-sp1-sdk.s390x sled11-sp2.x86 sles11-sp2.s390x sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86 sles11-sp2.ia64 sle11-sp2-sdk.s390x sle11-sp1-sdk.x86 sled11-sp1.x86 sles11-sp1.ppc sle11-sp2-sdk.x86-64 sles11-sp2.ppc sle11-sp2-sdk.ia64 sle11-sp2-sdk.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86 sles11-sp1-vmware.x86-64 sles11-sp1.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.x86 sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp1.ia64 sled11-sp2.x86-64 SAT Patch Nr: 6579
SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Software Development Kit 11 SP2	`libtiff-devel >= 3.8.2-141.148.1`	sle11-sp1-sdk.x86-64 sle11-sp1-sdk.s390x sled11-sp2.x86 sles11-sp2.s390x sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86 sles11-sp2.ia64 sle11-sp2-sdk.s390x sle11-sp1-sdk.x86 sled11-sp1.x86 sles11-sp1.ppc sle11-sp2-sdk.x86-64 sles11-sp2.ppc sle11-sp2-sdk.ia64 sle11-sp2-sdk.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86 sles11-sp1-vmware.x86-64 sles11-sp1.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.x86 sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp1.ia64 sled11-sp2.x86-64 SAT Patch Nr: 6579
SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Software Development Kit 11 SP2	`libtiff-devel >= 3.8.2-141.148.1` `libtiff-devel-32bit >= 3.8.2-141.148.1`	sle11-sp1-sdk.x86-64 sle11-sp1-sdk.s390x sled11-sp2.x86 sles11-sp2.s390x sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86 sles11-sp2.ia64 sle11-sp2-sdk.s390x sle11-sp1-sdk.x86 sled11-sp1.x86 sles11-sp1.ppc sle11-sp2-sdk.x86-64 sles11-sp2.ppc sle11-sp2-sdk.ia64 sle11-sp2-sdk.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86 sles11-sp1-vmware.x86-64 sles11-sp1.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.x86 sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp1.ia64 sled11-sp2.x86-64 SAT Patch Nr: 6579
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 11 SP2	`libtiff3 >= 3.8.2-141.148.1`	sle11-sp1-sdk.x86-64 sle11-sp1-sdk.s390x sled11-sp2.x86 sles11-sp2.s390x sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86 sles11-sp2.ia64 sle11-sp2-sdk.s390x sle11-sp1-sdk.x86 sled11-sp1.x86 sles11-sp1.ppc sle11-sp2-sdk.x86-64 sles11-sp2.ppc sle11-sp2-sdk.ia64 sle11-sp2-sdk.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86 sles11-sp1-vmware.x86-64 sles11-sp1.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.x86 sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp1.ia64 sled11-sp2.x86-64 SAT Patch Nr: 6579
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 11 SP2	`libtiff3 >= 3.8.2-141.148.1` `libtiff3-32bit >= 3.8.2-141.148.1`	sle11-sp1-sdk.x86-64 sle11-sp1-sdk.s390x sled11-sp2.x86 sles11-sp2.s390x sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86 sles11-sp2.ia64 sle11-sp2-sdk.s390x sle11-sp1-sdk.x86 sled11-sp1.x86 sles11-sp1.ppc sle11-sp2-sdk.x86-64 sles11-sp2.ppc sle11-sp2-sdk.ia64 sle11-sp2-sdk.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86 sles11-sp1-vmware.x86-64 sles11-sp1.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.x86 sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp1.ia64 sled11-sp2.x86-64 SAT Patch Nr: 6579
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP2	`libtiff3 >= 3.8.2-141.148.1` `tiff >= 3.8.2-141.148.1`	sle11-sp1-sdk.x86-64 sle11-sp1-sdk.s390x sled11-sp2.x86 sles11-sp2.s390x sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86 sles11-sp2.ia64 sle11-sp2-sdk.s390x sle11-sp1-sdk.x86 sled11-sp1.x86 sles11-sp1.ppc sle11-sp2-sdk.x86-64 sles11-sp2.ppc sle11-sp2-sdk.ia64 sle11-sp2-sdk.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86 sles11-sp1-vmware.x86-64 sles11-sp1.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.x86 sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp1.ia64 sled11-sp2.x86-64 SAT Patch Nr: 6579
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2	`libtiff3 >= 3.8.2-141.148.1` `libtiff3-x86 >= 3.8.2-141.148.1` `tiff >= 3.8.2-141.148.1`	sle11-sp1-sdk.x86-64 sle11-sp1-sdk.s390x sled11-sp2.x86 sles11-sp2.s390x sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86 sles11-sp2.ia64 sle11-sp2-sdk.s390x sle11-sp1-sdk.x86 sled11-sp1.x86 sles11-sp1.ppc sle11-sp2-sdk.x86-64 sles11-sp2.ppc sle11-sp2-sdk.ia64 sle11-sp2-sdk.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86 sles11-sp1-vmware.x86-64 sles11-sp1.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.x86 sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp1.ia64 sled11-sp2.x86-64 SAT Patch Nr: 6579
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP2	`libtiff3 >= 3.8.2-141.148.1` `libtiff3-32bit >= 3.8.2-141.148.1` `tiff >= 3.8.2-141.148.1`	sle11-sp1-sdk.x86-64 sle11-sp1-sdk.s390x sled11-sp2.x86 sles11-sp2.s390x sled11-sp1.x86-64 sles11-sp2.x86 sles11-sp1.x86 sles11-sp2.ia64 sle11-sp2-sdk.s390x sle11-sp1-sdk.x86 sled11-sp1.x86 sles11-sp1.ppc sle11-sp2-sdk.x86-64 sles11-sp2.ppc sle11-sp2-sdk.ia64 sle11-sp2-sdk.ppc sle11-sp1-sdk.ia64 sles11-sp1-vmware.x86 sles11-sp1-vmware.x86-64 sles11-sp1.s390x sle11-sp1-sdk.ppc sle11-sp2-sdk.x86 sles11-sp1.x86-64 sles11-sp2.x86-64 sles11-sp1.ia64 sled11-sp2.x86-64 SAT Patch Nr: 6579
SUSE Linux Enterprise Desktop 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for x86	`libtiff >= 3.8.2-5.30.5` `libtiff-devel >= 3.8.2-5.30.5` `tiff >= 3.8.2-5.30.5`	sle10-sp4-sdk.x86-64 sled10-sp4.x86-64 sle10-sp4-sdk.s390x sled10-sp4.x86 sle10-sp4-sdk.ppc sles10-sp4.x86-64 sles10-sp4.ia64 sle10-sp4-sdk.ia64 sles10-sp4.s390x sles10-sp4.ppc sle10-sp4-sdk.x86 sles10-sp4.x86 ZYPP Patch Nr: 8230
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T	`libtiff >= 3.8.2-5.30.5` `libtiff-32bit >= 3.8.2-5.30.5` `libtiff-devel >= 3.8.2-5.30.5` `tiff >= 3.8.2-5.30.5`	sle10-sp4-sdk.x86-64 sled10-sp4.x86-64 sle10-sp4-sdk.s390x sled10-sp4.x86 sle10-sp4-sdk.ppc sles10-sp4.x86-64 sles10-sp4.ia64 sle10-sp4-sdk.ia64 sles10-sp4.s390x sles10-sp4.ppc sle10-sp4-sdk.x86 sles10-sp4.x86 ZYPP Patch Nr: 8230
SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for x86	`libtiff-devel >= 3.8.2-5.30.5`	sle10-sp4-sdk.x86-64 sled10-sp4.x86-64 sle10-sp4-sdk.s390x sled10-sp4.x86 sle10-sp4-sdk.ppc sles10-sp4.x86-64 sles10-sp4.ia64 sle10-sp4-sdk.ia64 sles10-sp4.s390x sles10-sp4.ppc sle10-sp4-sdk.x86 sles10-sp4.x86 ZYPP Patch Nr: 8230
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries	`libtiff-devel >= 3.8.2-5.30.5` `libtiff-devel-64bit >= 3.8.2-5.30.5`	sle10-sp4-sdk.x86-64 sled10-sp4.x86-64 sle10-sp4-sdk.s390x sled10-sp4.x86 sle10-sp4-sdk.ppc sles10-sp4.x86-64 sles10-sp4.ia64 sle10-sp4-sdk.ia64 sles10-sp4.s390x sles10-sp4.ppc sle10-sp4-sdk.x86 sles10-sp4.x86 ZYPP Patch Nr: 8230
SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for X86-64	`libtiff-devel >= 3.8.2-5.30.5` `libtiff-devel-32bit >= 3.8.2-5.30.5`	sle10-sp4-sdk.x86-64 sled10-sp4.x86-64 sle10-sp4-sdk.s390x sled10-sp4.x86 sle10-sp4-sdk.ppc sles10-sp4.x86-64 sles10-sp4.ia64 sle10-sp4-sdk.ia64 sles10-sp4.s390x sles10-sp4.ppc sle10-sp4-sdk.x86 sles10-sp4.x86 ZYPP Patch Nr: 8230
SUSE Linux Enterprise Server 10 SP4 for IPF	`libtiff >= 3.8.2-5.30.5` `libtiff-devel >= 3.8.2-5.30.5` `libtiff-x86 >= 3.8.2-5.30.5` `tiff >= 3.8.2-5.30.5`	sle10-sp4-sdk.x86-64 sled10-sp4.x86-64 sle10-sp4-sdk.s390x sled10-sp4.x86 sle10-sp4-sdk.ppc sles10-sp4.x86-64 sles10-sp4.ia64 sle10-sp4-sdk.ia64 sles10-sp4.s390x sles10-sp4.ppc sle10-sp4-sdk.x86 sles10-sp4.x86 ZYPP Patch Nr: 8230
SUSE Linux Enterprise Server 10 SP4 for IBM POWER	`libtiff >= 3.8.2-5.30.5` `libtiff-64bit >= 3.8.2-5.30.5` `libtiff-devel >= 3.8.2-5.30.5` `libtiff-devel-64bit >= 3.8.2-5.30.5` `tiff >= 3.8.2-5.30.5`	sle10-sp4-sdk.x86-64 sled10-sp4.x86-64 sle10-sp4-sdk.s390x sled10-sp4.x86 sle10-sp4-sdk.ppc sles10-sp4.x86-64 sles10-sp4.ia64 sle10-sp4-sdk.ia64 sles10-sp4.s390x sles10-sp4.ppc sle10-sp4-sdk.x86 sles10-sp4.x86 ZYPP Patch Nr: 8230
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit	`libtiff >= 3.8.2-5.30.5` `libtiff-32bit >= 3.8.2-5.30.5` `libtiff-devel >= 3.8.2-5.30.5` `libtiff-devel-32bit >= 3.8.2-5.30.5` `tiff >= 3.8.2-5.30.5`	sle10-sp4-sdk.x86-64 sled10-sp4.x86-64 sle10-sp4-sdk.s390x sled10-sp4.x86 sle10-sp4-sdk.ppc sles10-sp4.x86-64 sles10-sp4.ia64 sle10-sp4-sdk.ia64 sles10-sp4.s390x sles10-sp4.ppc sle10-sp4-sdk.x86 sles10-sp4.x86 ZYPP Patch Nr: 8230

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy