Vulnerability Details: CVE-2009-2285
Potential exploit
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Vulnerability category: Denial of service
Products affected by CVE-2009-2285
- cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2285
- EPSS score: 15.55% (probability of exploitation activity in the next 30 days)
- Percentile: ~94% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-2285
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2009-2285
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2285
- http://secunia.com/advisories/39135
- http://www.lan.st/showthread.php?t=1856&page=3
  [Exploit]
- http://support.apple.com/kb/HT4070
  About the security content of Safari 4.0.5 - Apple Support
- http://www.vupen.com/english/advisories/2009/3184
- http://www.openwall.com/lists/oss-security/2009/06/23/1
  oss-security - Re: libtiff buffer underflow in LZWDecodeCompat
- http://support.apple.com/kb/HT4013
  About the security content of iOS 3.1.3 and iOS 3.1.3 for iPod touch - Apple Support
- http://secunia.com/advisories/35716
- http://secunia.com/advisories/35883
- http://www.openwall.com/lists/oss-security/2009/06/22/1
  oss-security - libtiff buffer underflow in LZWDecodeCompat [Exploit]
- http://secunia.com/advisories/35695
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html
  [SECURITY] Fedora 11 Update: mingw32-libtiff-3.8.2-17.fc11
- http://secunia.com/advisories/38241
- http://www.openwall.com/lists/oss-security/2009/06/29/5
  oss-security - CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat] [Exploit]
- http://security.gentoo.org/glsa/glsa-200908-03.xml
  libTIFF: User-assisted execution of arbitrary code (GLSA 200908-03) — Gentoo security
- http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
  Apple - Lists.apple.com
- http://www.redhat.com/support/errata/RHSA-2009-1159.html
  Support
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
  Apple - Lists.apple.com
- http://www.vupen.com/english/advisories/2009/1637
- http://support.apple.com/kb/HT4105
  About the security content of iTunes 9.1 - Apple Support
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145
- https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149
  Bug #380149 “tiff2ps crashed with SIGSEGV in TIFFReadScanline()” : Bugs : tiff package : Ubuntu [Exploit]
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html
  [SECURITY] Fedora 9 Update: libtiff-3.8.2-13.fc9
- http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html
  Apple - Lists.apple.com
- http://support.apple.com/kb/HT4004
  About Security Update 2010-001 - Apple Support
- http://support.apple.com/kb/HT3937
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049
- http://secunia.com/advisories/35912
- http://bugzilla.maptools.org/show_bug.cgi?id=2065
  Bug 2065 – LZWDecodeCompat buffer underflow [Exploit]
- http://secunia.com/advisories/35866
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html
  [SECURITY] Fedora 10 Update: mingw32-libtiff-3.8.2-17.fc10
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html
  [SECURITY] Fedora 11 Update: libtiff-3.8.2-13.fc11
- https://usn.ubuntu.com/797-1/
- http://secunia.com/advisories/36194
- http://www.debian.org/security/2009/dsa-1835
  [SECURITY] [DSA 1835-1] New tiff packages fix several vulnerabilities
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://www.vupen.com/english/advisories/2009/2727
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html
  [SECURITY] Fedora 10 Update: libtiff-3.8.2-13.fc10
- http://secunia.com/advisories/36831
- http://www.vupen.com/english/advisories/2010/0173
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html
  Apple - Lists.apple.com