2017-10-16 12:31:07 -04:00
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org" ,
"ID" : "CVE-2009-2347" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a" ,
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
} ,
"vendor_name" : "n/a"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "n/a"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
2018-04-05 09:33:01 -04:00
"name" : "20090713 [oCERT-2009-012] libtiff tools integer overflows" ,
"refsource" : "BUGTRAQ" ,
2018-10-10 15:05:20 -04:00
"url" : "http://www.securityfocus.com/archive/1/504892/100/0/threaded"
2017-10-16 12:31:07 -04:00
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://www.ocert.org/advisories/ocert-2009-012.html" ,
"refsource" : "MISC" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.ocert.org/advisories/ocert-2009-012.html"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/" ,
"refsource" : "CONFIRM" ,
2017-10-16 12:31:07 -04:00
"url" : "http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2079" ,
"refsource" : "CONFIRM" ,
2017-10-16 12:31:07 -04:00
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2079"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347" ,
"refsource" : "CONFIRM" ,
2017-10-16 12:31:07 -04:00
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "DSA-1835" ,
"refsource" : "DEBIAN" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.debian.org/security/2009/dsa-1835"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "FEDORA-2009-7724" ,
"refsource" : "FEDORA" ,
2017-10-16 12:31:07 -04:00
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "FEDORA-2009-7775" ,
"refsource" : "FEDORA" ,
2017-10-16 12:31:07 -04:00
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "GLSA-200908-03" ,
"refsource" : "GENTOO" ,
2017-10-16 12:31:07 -04:00
"url" : "http://security.gentoo.org/glsa/glsa-200908-03.xml"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "GLSA-201209-02" ,
"refsource" : "GENTOO" ,
2017-10-16 12:31:07 -04:00
"url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "MDVSA-2009:150" ,
"refsource" : "MANDRIVA" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:150"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "MDVSA-2011:043" ,
"refsource" : "MANDRIVA" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:043"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "RHSA-2009:1159" ,
"refsource" : "REDHAT" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1159.html"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "USN-801-1" ,
"refsource" : "UBUNTU" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.ubuntu.com/usn/USN-801-1"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "35652" ,
"refsource" : "BID" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.securityfocus.com/bid/35652"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "55821" ,
"refsource" : "OSVDB" ,
2017-10-16 12:31:07 -04:00
"url" : "http://osvdb.org/55821"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "55822" ,
"refsource" : "OSVDB" ,
2017-10-16 12:31:07 -04:00
"url" : "http://osvdb.org/55822"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "oval:org.mitre.oval:def:10988" ,
"refsource" : "OVAL" ,
2017-10-16 12:31:07 -04:00
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "1022539" ,
"refsource" : "SECTRACK" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.securitytracker.com/id?1022539"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "35817" ,
"refsource" : "SECUNIA" ,
2017-10-16 12:31:07 -04:00
"url" : "http://secunia.com/advisories/35817"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "35811" ,
"refsource" : "SECUNIA" ,
2017-10-16 12:31:07 -04:00
"url" : "http://secunia.com/advisories/35811"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "35866" ,
"refsource" : "SECUNIA" ,
2017-10-16 12:31:07 -04:00
"url" : "http://secunia.com/advisories/35866"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "35883" ,
"refsource" : "SECUNIA" ,
2017-10-16 12:31:07 -04:00
"url" : "http://secunia.com/advisories/35883"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "35911" ,
"refsource" : "SECUNIA" ,
2017-10-16 12:31:07 -04:00
"url" : "http://secunia.com/advisories/35911"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "36194" ,
"refsource" : "SECUNIA" ,
2017-10-16 12:31:07 -04:00
"url" : "http://secunia.com/advisories/36194"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "50726" ,
"refsource" : "SECUNIA" ,
2017-10-16 12:31:07 -04:00
"url" : "http://secunia.com/advisories/50726"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "ADV-2009-1870" ,
"refsource" : "VUPEN" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.vupen.com/english/advisories/2009/1870"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "ADV-2011-0621" ,
"refsource" : "VUPEN" ,
2017-10-16 12:31:07 -04:00
"url" : "http://www.vupen.com/english/advisories/2011/0621"
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "libtiff-rgb2ycbcr-tiff2rgba-bo(51688)" ,
"refsource" : "XF" ,
2017-10-16 12:31:07 -04:00
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51688"
}
]
}
}
