CVE-2009-5022

Опубликовано: 09 фев. 2009

Источник: redhat

CVSS2: 6.8

EPSS Средний

Описание

Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.

Отчет

This flaw did not affect libtiff as shipped in Red Hat Enterprise Linux 4 or 5. The OJPEG decoder is disabled in those distributions.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	libtiff	Not affected
Red Hat Enterprise Linux 5	libtiff	Not affected
Red Hat Enterprise Linux 6	libtiff	Fixed	RHSA-2011:0452	18.04.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-228->CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=695885libtiff ojpeg buffer overflow

EPSS

Процентиль: 94%

0.16073

Средний

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2009-5022

ubuntu

больше 14 лет назад

Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.

CVE-2009-5022

nvd

больше 14 лет назад

Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.

CVE-2009-5022

debian

больше 14 лет назад

Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibT ...

GHSA-c6jf-8jhf-3f5j

github

больше 3 лет назад

Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.

ELSA-2011-0452

oracle-oval

больше 14 лет назад

ELSA-2011-0452: libtiff security update (IMPORTANT)

EPSS

Процентиль: 94%

0.16073

Средний

6.8 Medium

CVSS2