CVE

CVE-2009-2285

Date: (C)2009-07-01   (M)2018-06-04


Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V3 Metrics:
Attack Vector:
Attack Complexity:
Privileges Required:
User Interaction:
Scope:
Confidentiality:
Integrity:
Availability:

CVSS V2 Severity:
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SUNALERT-267808
SECUNIA-35695
SECUNIA-35716
SECUNIA-35866
SECUNIA-35883
SECUNIA-35912
SECUNIA-36194
SECUNIA-36831
SECUNIA-38241
SECUNIA-39135
ADV-2009-1637
ADV-2009-2727
ADV-2009-3184
ADV-2010-0173
APPLE-SA-2009-11-09-1
APPLE-SA-2010-01-19-1
APPLE-SA-2010-02-02-1
APPLE-SA-2010-03-11-1
APPLE-SA-2010-03-30-2
DSA-1835
FEDORA-2009-7335
FEDORA-2009-7358
FEDORA-2009-7417
FEDORA-2009-7717
FEDORA-2009-7763
GLSA-200908-03
RHSA-2009:1159
USN-797-1
http://www.openwall.com/lists/oss-security/2009/06/22/1
http://www.openwall.com/lists/oss-security/2009/06/23/1
http://www.openwall.com/lists/oss-security/2009/06/29/5
http://bugzilla.maptools.org/show_bug.cgi?id=2065
http://support.apple.com/kb/HT3937
http://support.apple.com/kb/HT4004
http://support.apple.com/kb/HT4013
http://support.apple.com/kb/HT4070
http://support.apple.com/kb/HT4105
http://www.lan.st/showthread.php?t=1856&page=3
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149

CPE    1
cpe:/a:libtiff:libtiff:3.8.2
CWE    1
CWE-119
OVAL    25
oval:org.secpod.oval:def:500650
oval:org.secpod.oval:def:700322
oval:org.mitre.oval:def:7049
oval:org.secpod.oval:def:3342
...

© SecPod Technologies