#VU29276 Integer overflow in LibTIFF - CVE-2009-2347

Cybersecurity Help s.r.o.

Published: 2020-06-25

Vulnerability identifier: #VU29276

Vulnerability risk: High

CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2009-2347

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
LibTIFF
Universal components / Libraries / Libraries used by multiple products

Vendor: LibTIFF

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to several integer overflows within the cvt_whole_image() function in tiff2rgba and tiffcvt() function in rgb2ycbcr when processing width and height values. A remote attacker can pass specially crafted TIFF image to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

LibTIFF: 3.8.0 - 3.9.3

External links
https://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/
https://bugzilla.maptools.org/show_bug.cgi?id=2079
https://security.gentoo.org/glsa/glsa-200908-03.xml
https://security.gentoo.org/glsa/glsa-201209-02.xml
https://www.debian.org/security/2009/dsa-1835
https://www.mandriva.com/security/advisories?name=MDVSA-2009:150
https://www.mandriva.com/security/advisories?name=MDVSA-2011:043
https://www.ocert.org/advisories/ocert-2009-012.html
https://www.redhat.com/support/errata/RHSA-2009-1159.html
https://www.securityfocus.com/archive/1/504892/100/0/threaded
https://www.securityfocus.com/bid/35652
https://www.securitytracker.com/id?1022539
https://www.ubuntu.com/usn/USN-801-1
https://www.vupen.com/english/advisories/2009/1870
https://www.vupen.com/english/advisories/2011/0621
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347
https://exchange.xforce.ibmcloud.com/vulnerabilities/51688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Integer overflow in tiff (Alpine package)

Gentoo update for libTIFF

Integer overflow in libtiff