CVE-2011-1167

Current Description

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

Basic Data

PublishedMarch 28, 2011
Last ModifiedOctober 09, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.8
SeverityMEDIUM
Exploitability Score8.6
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationLibtiffLibtiff3.4*******
    2.3ApplicationLibtiffLibtiff3.4beta18******
    2.3ApplicationLibtiffLibtiff3.4beta24******
    2.3ApplicationLibtiffLibtiff3.4beta28******
    2.3ApplicationLibtiffLibtiff3.4beta29******
    2.3ApplicationLibtiffLibtiff3.4beta31******
    2.3ApplicationLibtiffLibtiff3.4beta32******
    2.3ApplicationLibtiffLibtiff3.4beta34******
    2.3ApplicationLibtiffLibtiff3.4beta35******
    2.3ApplicationLibtiffLibtiff3.4beta36******
    2.3ApplicationLibtiffLibtiff3.4beta37******
    2.3ApplicationLibtiffLibtiff3.5.1*******
    2.3ApplicationLibtiffLibtiff3.5.2*******
    2.3ApplicationLibtiffLibtiff3.5.3*******
    2.3ApplicationLibtiffLibtiff3.5.4*******
    2.3ApplicationLibtiffLibtiff3.5.5*******
    2.3ApplicationLibtiffLibtiff3.5.6*******
    2.3ApplicationLibtiffLibtiff3.5.6beta******
    2.3ApplicationLibtiffLibtiff3.5.7*******
    2.3ApplicationLibtiffLibtiff3.5.7alpha******
    2.3ApplicationLibtiffLibtiff3.5.7alpha2******
    2.3ApplicationLibtiffLibtiff3.5.7alpha3******
    2.3ApplicationLibtiffLibtiff3.5.7alpha4******
    2.3ApplicationLibtiffLibtiff3.5.7beta******
    2.3ApplicationLibtiffLibtiff3.6.0*******
    2.3ApplicationLibtiffLibtiff3.6.0beta******
    2.3ApplicationLibtiffLibtiff3.6.0beta2******
    2.3ApplicationLibtiffLibtiff3.6.1*******
    2.3ApplicationLibtiffLibtiff3.7.0*******
    2.3ApplicationLibtiffLibtiff3.7.0alpha******
    2.3ApplicationLibtiffLibtiff3.7.0beta******
    2.3ApplicationLibtiffLibtiff3.7.0beta2******
    2.3ApplicationLibtiffLibtiff3.7.1*******
    2.3ApplicationLibtiffLibtiff3.7.2*******
    2.3ApplicationLibtiffLibtiff3.7.3*******
    2.3ApplicationLibtiffLibtiff3.7.4*******
    2.3ApplicationLibtiffLibtiff3.8.0*******
    2.3ApplicationLibtiffLibtiff3.8.1*******
    2.3ApplicationLibtiffLibtiff3.8.2*******
    2.3ApplicationLibtiffLibtiff3.9*******
    2.3ApplicationLibtiffLibtiff3.9.0*******
    2.3ApplicationLibtiffLibtiff3.9.0beta******
    2.3ApplicationLibtiffLibtiff3.9.1*******
    2.3ApplicationLibtiffLibtiff3.9.2*******
    2.3ApplicationLibtiffLibtiff3.9.2-5.2.1*******
    2.3ApplicationLibtiffLibtiff3.9.3*******
    2.3ApplicationLibtiffLibtiff********3.9.4

Vulnerable Software List

VendorProductVersions
Libtiff Libtiff *, 3.4, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.8.1, 3.8.2, 3.9, 3.9.0, 3.9.1, 3.9.2, 3.9.2-5.2.1, 3.9.3

References

NameSourceURLTags
http://blackberry.com/btsc/KB27244http://blackberry.com/btsc/KB27244CONFIRM
http://bugzilla.maptools.org/show_bug.cgi?id=2300http://bugzilla.maptools.org/show_bug.cgi?id=2300CONFIRMPatch
APPLE-SA-2012-02-01-1http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlAPPLE
APPLE-SA-2012-05-09-1http://lists.apple.com/archives/security-announce/2012/May/msg00001.htmlAPPLE
APPLE-SA-2012-09-19-1http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.htmlAPPLE
FEDORA-2011-3836http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.htmlFEDORA
FEDORA-2011-3827http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.htmlFEDORA
SUSE-SR:2011:009http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlSUSE
43900http://secunia.com/advisories/43900SECUNIA
43934http://secunia.com/advisories/43934SECUNIA
43974http://secunia.com/advisories/43974SECUNIA
44117http://secunia.com/advisories/44117SECUNIA
44135http://secunia.com/advisories/44135SECUNIA
50726http://secunia.com/advisories/50726SECUNIA
GLSA-201209-02http://security.gentoo.org/glsa/glsa-201209-02.xmlGENTOO
8165http://securityreason.com/securityalert/8165SREASON
SSA:2011-098-01http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820SLACKWARE
http://support.apple.com/kb/HT5130http://support.apple.com/kb/HT5130CONFIRM
http://support.apple.com/kb/HT5281http://support.apple.com/kb/HT5281CONFIRM
http://support.apple.com/kb/HT5503http://support.apple.com/kb/HT5503CONFIRM
USN-1102-1http://ubuntu.com/usn/usn-1102-1UBUNTU
DSA-2210http://www.debian.org/security/2011/dsa-2210DEBIAN
MDVSA-2011:064http://www.mandriva.com/security/advisories?name=MDVSA-2011:064MANDRIVA
71256http://www.osvdb.org/71256OSVDB
RHSA-2011:0392http://www.redhat.com/support/errata/RHSA-2011-0392.htmlREDHAT
20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerabilityhttp://www.securityfocus.com/archive/1/517101/100/0/threadedBUGTRAQ
46951http://www.securityfocus.com/bid/46951BID
1025257http://www.securitytracker.com/id?1025257SECTRACK
ADV-2011-0795http://www.vupen.com/english/advisories/2011/0795VUPEN
ADV-2011-0845http://www.vupen.com/english/advisories/2011/0845VUPEN
ADV-2011-0859http://www.vupen.com/english/advisories/2011/0859VUPEN
ADV-2011-0860http://www.vupen.com/english/advisories/2011/0860VUPEN
ADV-2011-0905http://www.vupen.com/english/advisories/2011/0905VUPEN
ADV-2011-0930http://www.vupen.com/english/advisories/2011/0930VUPEN
ADV-2011-0960http://www.vupen.com/english/advisories/2011/0960VUPEN
http://www.zerodayinitiative.com/advisories/ZDI-11-107http://www.zerodayinitiative.com/advisories/ZDI-11-107MISC
https://bugzilla.redhat.com/show_bug.cgi?id=684939https://bugzilla.redhat.com/show_bug.cgi?id=684939CONFIRMPatch
libtiff-thundercode-decoder-bo(66247)https://exchange.xforce.ibmcloud.com/vulnerabilities/66247XF