CVE-2011-1167 - OpenCVE

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Libtiff	Libtiff

Configuration 1 [-]

OR	cpe:2.3:a:libtiff:libtiff::::::::
	cpe:2.3:a:libtiff:libtiff:3.4:::::::*
	cpe:2.3:a:libtiff:libtiff:3.4:beta18::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta24::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta28::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta29::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta31::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta32::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta34::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta35::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta36::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta37::::::
	cpe:2.3:a:libtiff:libtiff:3.5.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.2:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.3:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.4:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.5:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.6:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.6:beta::::::
	cpe:2.3:a:libtiff:libtiff:3.5.7:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.7:alpha::::::
	cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2::::::
	cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3::::::
	cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4::::::
	cpe:2.3:a:libtiff:libtiff:3.5.7:beta::::::
	cpe:2.3:a:libtiff:libtiff:3.6.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.6.0:beta::::::
	cpe:2.3:a:libtiff:libtiff:3.6.0:beta2::::::
	cpe:2.3:a:libtiff:libtiff:3.6.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.0:alpha::::::
	cpe:2.3:a:libtiff:libtiff:3.7.0:beta::::::
	cpe:2.3:a:libtiff:libtiff:3.7.0:beta2::::::
	cpe:2.3:a:libtiff:libtiff:3.7.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.2:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.3:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.4:::::::*
	cpe:2.3:a:libtiff:libtiff:3.8.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.8.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.8.2:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.0:beta::::::
	cpe:2.3:a:libtiff:libtiff:3.9.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.2:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.3:::::::*

References

Link	Resource
http://blackberry.com/btsc/KB27244
http://bugzilla.maptools.org/show_bug.cgi?id=2300	Patch
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/43900
http://secunia.com/advisories/43934
http://secunia.com/advisories/43974
http://secunia.com/advisories/44117
http://secunia.com/advisories/44135
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://securityreason.com/securityalert/8165
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5503
http://ubuntu.com/usn/usn-1102-1
http://www.debian.org/security/2011/dsa-2210
http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
http://www.osvdb.org/71256
http://www.redhat.com/support/errata/RHSA-2011-0392.html
http://www.securityfocus.com/archive/1/517101/100/0/threaded
http://www.securityfocus.com/bid/46951
http://www.securitytracker.com/id?1025257
http://www.vupen.com/english/advisories/2011/0795
http://www.vupen.com/english/advisories/2011/0845
http://www.vupen.com/english/advisories/2011/0859
http://www.vupen.com/english/advisories/2011/0860
http://www.vupen.com/english/advisories/2011/0905
http://www.vupen.com/english/advisories/2011/0930
http://www.vupen.com/english/advisories/2011/0960
http://www.zerodayinitiative.com/advisories/ZDI-11-107
https://bugzilla.redhat.com/show_bug.cgi?id=684939	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66247