Vulnerability Details : CVE-2009-2285

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Publish Date : 2009-07-01 Last Update Date : 2018-10-03

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	4.3
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceOverflow
CWE ID	119

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	moderate	5.0	AV:N/AC:L/Au:N/C:N/I:N/A:P	2009-06-22	2009-01-03

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Family
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial o...	oval:org.mitre.oval:def:10145	unix
CVE-2009-2285	oval:org.opensuse.security:def:20092285	unix
DSA-1835 tiff -- several vulnerabilities	oval:org.mitre.oval:def:7522	unix
DSA-1835-1 tiff -- several	oval:org.mitre.oval:def:13644	unix
ELSA-2009:1159: libtiff security update (Moderate)	oval:org.mitre.oval:def:22533	unix
LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability	oval:org.mitre.oval:def:7049	windows
RHSA-2009:1159 -- libtiff security update (Moderate)	oval:org.mitre.oval:def:28879	unix
RHSA-2009:1159: libtiff security update (Moderate)	oval:com.redhat.rhsa:def:20091159	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2009-2285

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Libtiff	Libtiff	3.8.2				Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Libtiff	Libtiff	1

- References For CVE-2009-2285

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html
FEDORA FEDORA-2009-7763

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html
FEDORA FEDORA-2009-7717

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html
FEDORA FEDORA-2009-7417

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html
FEDORA FEDORA-2009-7358

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html
FEDORA FEDORA-2009-7335

http://security.gentoo.org/glsa/glsa-200908-03.xml
GENTOO GLSA-200908-03

http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1
SUNALERT 267808

http://support.apple.com/kb/HT3937 CONFIRM

http://support.apple.com/kb/HT4004 CONFIRM

http://support.apple.com/kb/HT4013 CONFIRM

http://support.apple.com/kb/HT4070 CONFIRM

http://support.apple.com/kb/HT4105 CONFIRM

http://www.debian.org/security/2009/dsa-1835
DEBIAN DSA-1835

http://www.lan.st/showthread.php?t=1856&page=3

http://www.openwall.com/lists/oss-security/2009/06/22/1
MLIST [oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat

http://www.openwall.com/lists/oss-security/2009/06/23/1
MLIST [oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat

https://usn.ubuntu.com/797-1/
UBUNTU USN-797-1

https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149 CONFIRM

http://www.vupen.com/english/advisories/2010/0173
VUPEN ADV-2010-0173

http://www.vupen.com/english/advisories/2009/3184
VUPEN ADV-2009-3184

http://www.redhat.com/support/errata/RHSA-2009-1159.html
REDHAT RHSA-2009:1159

http://www.vupen.com/english/advisories/2009/1637
VUPEN ADV-2009-1637

http://www.vupen.com/english/advisories/2009/2727
VUPEN ADV-2009-2727

http://www.openwall.com/lists/oss-security/2009/06/29/5
MLIST [oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat]

http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
APPLE APPLE-SA-2010-01-19-1

http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
APPLE APPLE-SA-2010-03-11-1

http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html
APPLE APPLE-SA-2010-02-02-1

http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
APPLE APPLE-SA-2010-03-30-2

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
APPLE APPLE-SA-2009-11-09-1

http://bugzilla.maptools.org/show_bug.cgi?id=2065 CONFIRM

- Metasploit Modules Related To CVE-2009-2285

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)