CVE-2009-5022

libtiff < 3.9.5 - Heap-based Buffer Overflow in OJPEG Decoder

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-5022. PoCs published by Francis Provencher.

AI-analyzed exploit summary This exploit targets a heap-based buffer overflow in IrfanView when processing JPEG compressed TIFF images with a specially crafted 'ImageWidth' value. The provided PoC is a malicious TIFF file designed to trigger remote code execution.

Description

Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Francis Provencher · textdoswindows

https://www.exploit-db.com/exploits/22681

View Code ZIP pw:eip

This exploit targets a heap-based buffer overflow in IrfanView when processing JPEG compressed TIFF images with a specially crafted 'ImageWidth' value. The provided PoC is a malicious TIFF file designed to trigger remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IrfanView 4.33

No auth needed

Prerequisites: Victim must open the malicious TIFF file in IrfanView

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17

Core References

Exploit x_refsource_confirm

http://bugzilla.maptools.org/show_bug.cgi?id=1999

Exploit mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/04/12/10

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2011/dsa-2256

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/66774

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/44271

Exploit x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=695885

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1025380

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:078

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201209-02.xml

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/1014

Patch x_refsource_confirm

http://www.remotesensing.org/libtiff/v3.9.5.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/1082

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/47338

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1120-1

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0452.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50726

Scores

EPSS 0.1080

EPSS Percentile 95.3%

Details

CWE

CWE-119

Status published

Products (25)

libtiff/libtiff 3.4 (11 CPE variants)

libtiff/libtiff 3.5.1

libtiff/libtiff 3.5.2

libtiff/libtiff 3.5.3

libtiff/libtiff 3.5.4

libtiff/libtiff 3.5.5

libtiff/libtiff 3.5.6 (2 CPE variants)

libtiff/libtiff 3.5.7 (6 CPE variants)

libtiff/libtiff 3.6.0 (3 CPE variants)

libtiff/libtiff 3.6.1

... and 15 more

Published May 03, 2011

Tracked Since Feb 18, 2026