NVD Vulnerability Detail

CVE-2011-1167

Summary	Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
Publication Date	March 29, 2011, 1:55 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:25 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:libtiff:libtiff:3.4:beta29::::::
cpe:2.3:a:libtiff:libtiff:3.7.0:beta::::::
cpe:2.3:a:libtiff:libtiff:3.6.0:beta2::::::
cpe:2.3:a:libtiff:libtiff:3.4:beta34::::::
cpe:2.3:a:libtiff:libtiff:3.6.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.6.0:beta::::::
cpe:2.3:a:libtiff:libtiff:3.8.0:::::::*
cpe:2.3:a:libtiff:libtiff:3.7.3:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta32::::::
cpe:2.3:a:libtiff:libtiff:3.4:beta31::::::
cpe:2.3:a:libtiff:libtiff:3.8.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta36::::::
cpe:2.3:a:libtiff:libtiff:3.4:beta24::::::
cpe:2.3:a:libtiff:libtiff:3.9.3:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4::::::
cpe:2.3:a:libtiff:libtiff:3.8.2:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta28::::::
cpe:2.3:a:libtiff:libtiff:3.5.7:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.7:beta::::::
cpe:2.3:a:libtiff:libtiff:3.7.2:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta37::::::
cpe:2.3:a:libtiff:libtiff:3.7.0:::::::*
cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.6.0:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.3:::::::*
cpe:2.3:a:libtiff:libtiff:3.7.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.4:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.2:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3::::::
cpe:2.3:a:libtiff:libtiff::::::::		3.9.4
cpe:2.3:a:libtiff:libtiff:3.9.2:::::::*
cpe:2.3:a:libtiff:libtiff:3.7.0:beta2::::::
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha::::::
cpe:2.3:a:libtiff:libtiff:3.7.4:::::::*
cpe:2.3:a:libtiff:libtiff:3.7.0:alpha::::::
cpe:2.3:a:libtiff:libtiff:3.5.5:::::::*
cpe:2.3:a:libtiff:libtiff:3.9.0:beta::::::
cpe:2.3:a:libtiff:libtiff:3.5.6:beta::::::
cpe:2.3:a:libtiff:libtiff:3.9.0:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.9.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta18::::::
cpe:2.3:a:libtiff:libtiff:3.9:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2::::::
cpe:2.3:a:libtiff:libtiff:3.5.6:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta35::::::

Related information, measures and tools

No	URL	タグ
1	http://blackberry.com/btsc/KB27244
2	http://bugzilla.maptools.org/show_bug.cgi?id=2300	Patch
3	http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
4	http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
5	http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
6	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
7	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
8	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
9	http://secunia.com/advisories/43900
10	http://secunia.com/advisories/43934
11	http://secunia.com/advisories/43974
12	http://secunia.com/advisories/44117
13	http://secunia.com/advisories/44135
14	http://secunia.com/advisories/50726
15	http://security.gentoo.org/glsa/glsa-201209-02.xml
16	http://securityreason.com/securityalert/8165
17	http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
18	http://support.apple.com/kb/HT5130
19	http://support.apple.com/kb/HT5281
20	http://support.apple.com/kb/HT5503
21	http://ubuntu.com/usn/usn-1102-1
22	http://www.debian.org/security/2011/dsa-2210
23	http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
24	http://www.osvdb.org/71256
25	http://www.redhat.com/support/errata/RHSA-2011-0392.html
26	http://www.securityfocus.com/archive/1/517101/100/0/threaded
27	http://www.securityfocus.com/bid/46951
28	http://www.securitytracker.com/id?1025257
29	http://www.vupen.com/english/advisories/2011/0795
30	http://www.vupen.com/english/advisories/2011/0845
31	http://www.vupen.com/english/advisories/2011/0859
32	http://www.vupen.com/english/advisories/2011/0860
33	http://www.vupen.com/english/advisories/2011/0905
34	http://www.vupen.com/english/advisories/2011/0930
35	http://www.vupen.com/english/advisories/2011/0960
36	http://www.zerodayinitiative.com/advisories/ZDI-11-107
37	https://bugzilla.redhat.com/show_bug.cgi?id=684939	Patch
38	https://exchange.xforce.ibmcloud.com/vulnerabilities/66247
39	http://blackberry.com/btsc/KB27244
40	https://exchange.xforce.ibmcloud.com/vulnerabilities/66247
41	https://bugzilla.redhat.com/show_bug.cgi?id=684939	Patch
42	http://www.zerodayinitiative.com/advisories/ZDI-11-107
43	http://www.vupen.com/english/advisories/2011/0960
44	http://www.vupen.com/english/advisories/2011/0930
45	http://www.vupen.com/english/advisories/2011/0905
46	http://www.vupen.com/english/advisories/2011/0860
47	http://www.vupen.com/english/advisories/2011/0859
48	http://www.vupen.com/english/advisories/2011/0845
49	http://www.vupen.com/english/advisories/2011/0795
50	http://www.securitytracker.com/id?1025257
51	http://www.securityfocus.com/bid/46951
52	http://www.securityfocus.com/archive/1/517101/100/0/threaded
53	http://www.redhat.com/support/errata/RHSA-2011-0392.html
54	http://www.osvdb.org/71256
55	http://www.mandriva.com/security/advisories?name=MDVSA-2011:064
56	http://www.debian.org/security/2011/dsa-2210
57	http://ubuntu.com/usn/usn-1102-1
58	http://support.apple.com/kb/HT5503
59	http://support.apple.com/kb/HT5281
60	http://support.apple.com/kb/HT5130
61	http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820
62	http://securityreason.com/securityalert/8165
63	http://security.gentoo.org/glsa/glsa-201209-02.xml
64	http://secunia.com/advisories/50726
65	http://secunia.com/advisories/44135
66	http://secunia.com/advisories/44117
67	http://secunia.com/advisories/43974
68	http://secunia.com/advisories/43934
69	http://secunia.com/advisories/43900
70	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
71	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html
72	http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html
73	http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
74	http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
75	http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
76	http://bugzilla.maptools.org/show_bug.cgi?id=2300	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

LibTIFF の Thunder デコーダにおけるヒープベースのバッファオーバーフローの脆弱性

Title	LibTIFF の Thunder デコーダにおけるヒープベースのバッファオーバーフローの脆弱性
Summary	LibTIFF の tif_thunder.c 内にある Thunder デコーダには、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、不正な BitsPerSample の値を持つ .tiff ファイル内にある、巧妙に細工された THUNDER_2BITDELTAS データを介して、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 28, 2011, midnight
Registration Date	April 27, 2011, 11:35 a.m.
Last Update	Jan. 31, 2013, 10:10 a.m.

Affected System

レッドハット

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Long Life (v. 5.6 server)

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Workstation 6

RHEL Desktop Workstation 5 (client)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

アップル

Apple Mac OS X v10.6.8

Apple Mac OS X Server v10.6.8

Apple TV 5.1 未満 (第 2 世代以降)

iOS 6 未満 (iPad 2 以降)

iOS 6 未満 (iPhone 3GS 以降)

iOS 6 未満 (iPod touch 第 4 世代以降)

LibTIFF

LibTIFF 3.9.4 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-1167	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
National Vulnerability Database (NVD)
2	CVE-2011-1167	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1167

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT5281	http://support.apple.com/kb/HT5281
2	HT5503	http://support.apple.com/kb/HT5503
3	HT5504	http://support.apple.com/kb/HT5504
Apple セキュリティアップデート
4	HT5281	http://support.apple.com/kb/HT5281?viewlocale=ja_JP
5	HT5503	http://support.apple.com/kb/HT5503?viewlocale=ja_JP
6	HT5504	http://support.apple.com/kb/HT5504?viewlocale=ja_JP
Asianux Technical Support Network
7	libtiff-3.8.2-7.7.0.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1386
LibTIFF - TIFF Library and Utilities
8	libtiff	ftp://ftp.remotesensing.org/pub/libtiff
9	Top Page	http://www.remotesensing.org/libtiff
MIRACLE LINUX アップデート情報
10	2207	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2207
Red Hat Security Advisory
11	RHSA-2011:0392	https://rhn.redhat.com/errata/RHSA-2011-0392.html
SECURITY BLOG
12	Multiple vulnerabilities in LibTIFF	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libtiff

その他

No	Name	URL
ISS X-Force Database
1	66247	http://xforce.iss.net/xforce/xfdb/66247
JVN
2	JVNVU#624491	http://jvn.jp/cert/JVNVU624491/index.html
3	JVNVU#692779	http://jvn.jp/cert/JVNVU692779/
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
4	71256	http://osvdb.org/71256
Secunia Advisory
5	SA43593	http://secunia.com/advisories/43593
6	SA43900	http://secunia.com/advisories/43900
SecurityFocus
7	46951	http://www.securityfocus.com/bid/46951
VUPEN Security
8	VUPEN/ADV-2011-0795	http://www.vupen.com/english/advisories/2011/0795

Change Log

No	Changed Details	Date of change
0	[2011年04月27日] 掲載 [2012年04月17日] ベンダ情報：オラクル (Multiple vulnerabilities in LibTIFF) を追加 [2012年05月15日] 影響を受けるシステム：アップル (HT5281) の情報を追加ベンダ情報：アップル (HT5281) を追加 [2012年09月30日] 影響を受けるシステム：アップル (HT5281) の情報を追加ベンダ情報：アップル (HT5281) を追加 [2012年10月02日] 影響を受けるシステム：アップル (HT5503) の情報を追加ベンダ情報：アップル (HT5503) を追加 [2013年01月31] 影響を受けるシステム：アップル (HT5504) の情報を追加ベンダ情報：アップル (HT5504) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:libtiff:libtiff:3.4:beta29::::::
cpe:2.3:a:libtiff:libtiff:3.7.0:beta::::::
cpe:2.3:a:libtiff:libtiff:3.6.0:beta2::::::
cpe:2.3:a:libtiff:libtiff:3.4:beta34::::::
cpe:2.3:a:libtiff:libtiff:3.6.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.6.0:beta::::::
cpe:2.3:a:libtiff:libtiff:3.8.0:::::::*
cpe:2.3:a:libtiff:libtiff:3.7.3:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta32::::::
cpe:2.3:a:libtiff:libtiff:3.4:beta31::::::
cpe:2.3:a:libtiff:libtiff:3.8.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta36::::::
cpe:2.3:a:libtiff:libtiff:3.4:beta24::::::
cpe:2.3:a:libtiff:libtiff:3.9.3:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4::::::
cpe:2.3:a:libtiff:libtiff:3.8.2:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta28::::::
cpe:2.3:a:libtiff:libtiff:3.5.7:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.7:beta::::::
cpe:2.3:a:libtiff:libtiff:3.7.2:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta37::::::
cpe:2.3:a:libtiff:libtiff:3.7.0:::::::*
cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.6.0:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.3:::::::*
cpe:2.3:a:libtiff:libtiff:3.7.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.4:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.2:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3::::::
cpe:2.3:a:libtiff:libtiff::::::::		3.9.4
cpe:2.3:a:libtiff:libtiff:3.9.2:::::::*
cpe:2.3:a:libtiff:libtiff:3.7.0:beta2::::::
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha::::::
cpe:2.3:a:libtiff:libtiff:3.7.4:::::::*
cpe:2.3:a:libtiff:libtiff:3.7.0:alpha::::::
cpe:2.3:a:libtiff:libtiff:3.5.5:::::::*
cpe:2.3:a:libtiff:libtiff:3.9.0:beta::::::
cpe:2.3:a:libtiff:libtiff:3.5.6:beta::::::
cpe:2.3:a:libtiff:libtiff:3.9.0:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.9.1:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta18::::::
cpe:2.3:a:libtiff:libtiff:3.9:::::::*
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2::::::
cpe:2.3:a:libtiff:libtiff:3.5.6:::::::*
cpe:2.3:a:libtiff:libtiff:3.4:beta35::::::