Vulnerability Details : CVE-2011-1167
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
Vulnerability category: OverflowExecute code
Products affected by CVE-2011-1167
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1167
33.87%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1167
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2011-1167
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1167
-
http://support.apple.com/kb/HT5503
About the security content of iOS 6 - Apple Support
-
http://www.vupen.com/english/advisories/2011/0905
Webmail | OVH- OVH
-
http://bugzilla.maptools.org/show_bug.cgi?id=2300
Bug 2300 – Thunder Decoder VulnerabilityPatch
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
mandriva.com
-
http://www.vupen.com/english/advisories/2011/0860
Webmail | OVH- OVH
-
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Apple - Lists.apple.com
-
http://www.debian.org/security/2011/dsa-2210
Debian -- Security Information -- DSA-2210-1 tiff
-
http://support.apple.com/kb/HT5281
About the security content of OS X Lion v10.7.4 and Security Update 2012-002 - Apple Support
-
http://www.securityfocus.com/bid/46951
libTIFF ThunderCode Decoder Heap Buffer Overflow Vulnerability
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
The Slackware Linux Project: Slackware Security Advisories
-
http://www.vupen.com/english/advisories/2011/0930
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2011/0795
Webmail | OVH- OVH
-
http://ubuntu.com/usn/usn-1102-1
USN-1102-1: tiff vulnerability | Ubuntu security notices
-
https://bugzilla.redhat.com/show_bug.cgi?id=684939
684939 – (CVE-2011-1167) CVE-2011-1167 libtiff: heap-based buffer overflow in thunder decoder (ZDI-11-107)Patch
-
http://securityreason.com/securityalert/8165
Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability - CXSecurity.com
-
http://www.redhat.com/support/errata/RHSA-2011-0392.html
Support
-
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2011:009
-
http://www.vupen.com/english/advisories/2011/0859
Webmail | OVH- OVH
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/66247
LibTiff ThunderCode Decoder buffer overflow CVE-2011-1167 Vulnerability Report
-
http://www.vupen.com/english/advisories/2011/0960
Webmail | OVH- OVH
-
http://www.securityfocus.com/archive/1/517101/100/0/threaded
SecurityFocus
-
http://www.zerodayinitiative.com/advisories/ZDI-11-107
ZDI-11-107 | Zero Day Initiative
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
[SECURITY] Fedora 13 Update: libtiff-3.9.4-4.fc13
-
http://www.vupen.com/english/advisories/2011/0845
Webmail | OVH- OVH
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
[SECURITY] Fedora 14 Update: libtiff-3.9.4-4.fc14
-
http://security.gentoo.org/glsa/glsa-201209-02.xml
libTIFF: Multiple vulnerabilities (GLSA 201209-02) — Gentoo security
-
http://blackberry.com/btsc/KB27244
-
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
Apple - Lists.apple.com
-
http://support.apple.com/kb/HT5130
About the security content of OS X Lion v10.7.3 and Security Update 2012-001 - Apple Support
-
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Apple - Lists.apple.com
-
http://www.securitytracker.com/id?1025257
LibTIFF Buffer Overflow in ThunderCode Decoder Lets Remote Users Execute Arbitrary Code - SecurityTracker
Jump to