CVE-2012-4564

libtiff < 4.0.3 - Denial of Service and Possible Remote Code Execution via Crafted PPM Image

Title source: llm
STIX 2.1

Description

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

References (11)

Core 11
Core References
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/86878
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2575
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=871700
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/11/02/3
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56372
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1631-1
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79750
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/11/02/7
Third Party Advisory, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51133
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1590.html

Scores

EPSS 0.2717
EPSS Percentile 96.5%

Details

Status published
Products (16)
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 11.10
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
debian/debian_linux 6.0
debian/debian_linux 7.0
libtiff/libtiff < 4.0.3
opensuse/opensuse 11.4
redhat/enterprise_linux_desktop 5.0
... and 6 more
Published Nov 11, 2012
Tracked Since Feb 18, 2026