CVE-2011-1167

Published: Mar 28, 2011Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

Affected (47)

Products: Libtiff: Libtiff

Libtiff

1 product

Libtiff

Configuration A

47 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	Up to 3.9.4
Libtiff Libtiff	Version 3.4
Libtiff Libtiff	Version 3.4 beta18
Libtiff Libtiff	Version 3.4 beta24
Libtiff Libtiff	Version 3.4 beta28
Libtiff Libtiff	Version 3.4 beta29
Libtiff Libtiff	Version 3.4 beta31
Libtiff Libtiff	Version 3.4 beta32
Libtiff Libtiff	Version 3.4 beta34
Libtiff Libtiff	Version 3.4 beta35
Libtiff Libtiff	Version 3.4 beta36
Libtiff Libtiff	Version 3.4 beta37
Libtiff Libtiff	Version 3.5.1
Libtiff Libtiff	Version 3.5.2
Libtiff Libtiff	Version 3.5.3
Libtiff Libtiff	Version 3.5.4
Libtiff Libtiff	Version 3.5.5
Libtiff Libtiff	Version 3.5.6
Libtiff Libtiff	Version 3.5.6 beta
Libtiff Libtiff	Version 3.5.7
Libtiff Libtiff	Version 3.5.7 alpha2
Libtiff Libtiff	Version 3.5.7 alpha3
Libtiff Libtiff	Version 3.5.7 alpha4
Libtiff Libtiff	Version 3.5.7 alpha
Libtiff Libtiff	Version 3.5.7 beta
Libtiff Libtiff	Version 3.6.0
Libtiff Libtiff	Version 3.6.0 beta2
Libtiff Libtiff	Version 3.6.0 beta
Libtiff Libtiff	Version 3.6.1
Libtiff Libtiff	Version 3.7.0
Libtiff Libtiff	Version 3.7.0 alpha
Libtiff Libtiff	Version 3.7.0 beta2
Libtiff Libtiff	Version 3.7.0 beta
Libtiff Libtiff	Version 3.7.1
Libtiff Libtiff	Version 3.7.2
Libtiff Libtiff	Version 3.7.3
Libtiff Libtiff	Version 3.7.4
Libtiff Libtiff	Version 3.8.0
Libtiff Libtiff	Version 3.8.1
Libtiff Libtiff	Version 3.8.2
Libtiff Libtiff	Version 3.9.0
Libtiff Libtiff	Version 3.9.0 beta
Libtiff Libtiff	Version 3.9.1
Libtiff Libtiff	Version 3.9.2-5.2.1
Libtiff Libtiff	Version 3.9.2
Libtiff Libtiff	Version 3.9.3
Libtiff Libtiff	Version 3.9

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (76)

http://blackberry.com/btsc/KB27244

Source: secalert@redhat.com

http://bugzilla.maptools.org/show_bug.cgi?id=2300

Source: secalert@redhat.com

Patch

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

Source: secalert@redhat.com

http://secunia.com/advisories/43900

Source: secalert@redhat.com

http://secunia.com/advisories/43934

Source: secalert@redhat.com

http://secunia.com/advisories/43974

Source: secalert@redhat.com

http://secunia.com/advisories/44117

Source: secalert@redhat.com

http://secunia.com/advisories/44135

Source: secalert@redhat.com

http://secunia.com/advisories/50726

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201209-02.xml

Source: secalert@redhat.com

http://securityreason.com/securityalert/8165

Source: secalert@redhat.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820

Source: secalert@redhat.com

http://support.apple.com/kb/HT5130

Source: secalert@redhat.com

http://support.apple.com/kb/HT5281

Source: secalert@redhat.com

http://support.apple.com/kb/HT5503

Source: secalert@redhat.com

http://ubuntu.com/usn/usn-1102-1

Source: secalert@redhat.com

http://www.debian.org/security/2011/dsa-2210

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:064

Source: secalert@redhat.com

http://www.osvdb.org/71256

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2011-0392.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/517101/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/46951

Source: secalert@redhat.com

http://www.securitytracker.com/id?1025257

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0795

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0845

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0859

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0860

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0905

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0930

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0960

Source: secalert@redhat.com

http://www.zerodayinitiative.com/advisories/ZDI-11-107

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=684939

Source: secalert@redhat.com

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/66247

Source: secalert@redhat.com

http://blackberry.com/btsc/KB27244