Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-2088

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.

Related bugs and status

CVE-2012-2088 (Candidate) is related to these bugs:

Bug #1016324: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

Summary				In	Importance	Status
	1016324	Two tiff issues: CVE-2012-2113 / CVE-2012-2088		tiff (Ubuntu)	Undecided	Fix Released
	1016324	Two tiff issues: CVE-2012-2113 / CVE-2012-2088		tiff (Debian)	Unknown	Fix Released

Bug #1065637: please Update to 3.9.7 in R

Summary				In	Importance	Status
	1065637	please Update to 3.9.7 in R		tiff3 (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://lists.apple.com...
MISC: http://security.gentoo...
MISC: http://www.mandriva.co...
MISC: http://rhn.redhat.com/...
MISC: http://lists.opensuse....
MISC: http://support.apple.c...
MISC: http://support.apple.c...
MISC: https://hermes.opensus...