CVE-2009-2347

Impact:
Moderate
Public Date:
2009-07-13
CWE:
CWE-190
Bugzilla:
510041: CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE)

The MITRE CVE dictionary describes this issue as:

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
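
The overflow pattern in the description above, shown as an added example in C that is not libtiff's code or the upstream fix. The function names, the `max_bytes` policy limit and the sample dimensions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from libtiff): raster size computed in 32-bit
 * arithmetic, the pattern the CVE description refers to. Large dimensions
 * wrap modulo 2^32 and yield a buffer far smaller than the image needs. */
uint32_t raster_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * (uint32_t)sizeof(uint32_t);
}

/* Hypothetical hardened form: widen before multiplying and reject any image
 * whose raster would exceed max_bytes (an assumed caller policy limit).
 * Returns 0 and stores the size in *out, or -1 if the image is rejected. */
int raster_bytes_checked(uint32_t width, uint32_t height,
                         size_t max_bytes, size_t *out)
{
    const uint64_t pixel = sizeof(uint32_t);
    uint64_t pixels;

    if (width == 0 || height == 0)
        return -1;
    pixels = (uint64_t)width * height;   /* cannot overflow 64 bits */
    if (pixels > max_bytes / pixel)      /* division avoids a second overflow */
        return -1;
    *out = (size_t)(pixels * pixel);
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions, not taken from any real file. */
    uint32_t w = 0x8001, h = 0x8000;
    size_t need = 0;

    printf("unchecked size: %u bytes\n", (unsigned)raster_bytes_unchecked(w, h));
    if (raster_bytes_checked(w, h, (size_t)1 << 30, &need) != 0)
        printf("checked: %ux%u rejected\n", (unsigned)w, (unsigned)h);
    return 0;
}
```

A converter that sizes its raster with the unchecked form and then writes one 32-bit pixel per image position runs past the end of the heap buffer, which is why the checked form has to reject the image before any allocation happens.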

Find out more about CVE-2009-2347 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score 6.4
Base Metrics AV:N/AC:L/Au:N/C:N/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 4 (libtiff) | RHSA-2009:1159 | 2009-07-16 |
| Red Hat Enterprise Linux 3 (libtiff) | RHSA-2009:1159 | 2009-07-16 |
| Red Hat Enterprise Linux 5 (libtiff) | RHSA-2009:1159 | 2009-07-16 |

CVE description copyright © 2017, The MITRE Corporation
