CVE-2009-2347

Published: Jul 14, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

35817 (third-party-advisory, x_refsource_SECUNIA)
35866 (third-party-advisory, x_refsource_SECUNIA)
FEDORA-2009-7724 (vendor-advisory, x_refsource_FEDORA)
55821 (vdb-entry, x_refsource_OSVDB)
FEDORA-2009-7775 (vendor-advisory, x_refsource_FEDORA)
ADV-2009-1870 (vdb-entry, x_refsource_VUPEN)
oval:org.mitre.oval:def:10988 (vdb-entry, signature, x_refsource_OVAL)
1022539 (vdb-entry, x_refsource_SECTRACK)
ADV-2011-0621 (vdb-entry, x_refsource_VUPEN)
USN-801-1 (vendor-advisory, x_refsource_UBUNTU)
35811 (third-party-advisory, x_refsource_SECUNIA)
35883 (third-party-advisory, x_refsource_SECUNIA)
GLSA-201209-02 (vendor-advisory, x_refsource_GENTOO)
36194 (third-party-advisory, x_refsource_SECUNIA)
MDVSA-2009:150 (vendor-advisory, x_refsource_MANDRIVA)
GLSA-200908-03 (vendor-advisory, x_refsource_GENTOO)
35911 (third-party-advisory, x_refsource_SECUNIA)
55822 (vdb-entry, x_refsource_OSVDB)
RHSA-2009:1159 (vendor-advisory, x_refsource_REDHAT)
35652 (vdb-entry, x_refsource_BID)
DSA-1835 (vendor-advisory, x_refsource_DEBIAN)
MDVSA-2011:043 (vendor-advisory, x_refsource_MANDRIVA)
50726 (third-party-advisory, x_refsource_SECUNIA)
