Upstream information

CVE-2012-1173 at MITRE

Description

Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.82
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 753362 [RESOLVED / FIXED], 854393 [NEEDINFO]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libtiff5 >= 4.0.3-9.78
  • libtiff5-32bit >= 4.0.3-9.78
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libtiff5-32bit
SUSE Linux Enterprise Desktop 12 SP1
  • libtiff5 >= 4.0.4-12.2
  • libtiff5-32bit >= 4.0.4-12.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libtiff5-32bit
SUSE Linux Enterprise Desktop 12 SP2
  • libtiff5 >= 4.0.6-26.3
  • libtiff5-32bit >= 4.0.6-26.3
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libtiff5-32bit
SUSE Linux Enterprise Server 12 SP2
  • libtiff5 >= 4.0.6-26.3
  • libtiff5-32bit >= 4.0.6-26.3
  • tiff >= 4.0.6-26.3
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libtiff5-32bit
SUSE Linux Enterprise Desktop 10 SP4 for x86
SUSE Linux Enterprise Server 10 SP4 for x86
  • libtiff >= 3.8.2-5.26.1
  • libtiff-devel >= 3.8.2-5.26.1
  • tiff >= 3.8.2-5.26.1
Builds
ZYPP Patch Nr: 8055
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
  • libtiff >= 3.8.2-5.26.1
  • libtiff-32bit >= 3.8.2-5.26.1
  • libtiff-devel >= 3.8.2-5.26.1
  • tiff >= 3.8.2-5.26.1
Builds
ZYPP Patch Nr: 8055
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for x86
  • libtiff-devel >= 3.8.2-5.26.1
Builds
ZYPP Patch Nr: 8055
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
  • libtiff-devel >= 3.8.2-5.26.1
  • libtiff-devel-64bit >= 3.8.2-5.26.1
Builds
ZYPP Patch Nr: 8055
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for X86-64
  • libtiff-devel >= 3.8.2-5.26.1
  • libtiff-devel-32bit >= 3.8.2-5.26.1
Builds
ZYPP Patch Nr: 8055
SUSE Linux Enterprise Server 10 SP4 for IPF
  • libtiff >= 3.8.2-5.26.1
  • libtiff-devel >= 3.8.2-5.26.1
  • libtiff-x86 >= 3.8.2-5.26.1
  • tiff >= 3.8.2-5.26.1
Builds
ZYPP Patch Nr: 8055
SUSE Linux Enterprise Server 10 SP4 for IBM POWER
  • libtiff >= 3.8.2-5.26.1
  • libtiff-64bit >= 3.8.2-5.26.1
  • libtiff-devel >= 3.8.2-5.26.1
  • libtiff-devel-64bit >= 3.8.2-5.26.1
  • tiff >= 3.8.2-5.26.1
Builds
ZYPP Patch Nr: 8055
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit
  • libtiff >= 3.8.2-5.26.1
  • libtiff-32bit >= 3.8.2-5.26.1
  • libtiff-devel >= 3.8.2-5.26.1
  • libtiff-devel-32bit >= 3.8.2-5.26.1
  • tiff >= 3.8.2-5.26.1
Builds
ZYPP Patch Nr: 8055
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • libtiff >= 3.8.2-5.36.1
  • libtiff-devel >= 3.8.2-5.36.1
  • tiff >= 3.8.2-5.36.1
Builds
ZYPP Patch Nr: 8721
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • libtiff >= 3.8.2-5.36.1
  • libtiff-32bit >= 3.8.2-5.36.1
  • libtiff-devel >= 3.8.2-5.36.1
  • libtiff-devel-32bit >= 3.8.2-5.36.1
  • tiff >= 3.8.2-5.36.1
Builds
ZYPP Patch Nr: 8721
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Software Development Kit 11 SP2
  • libtiff-devel >= 3.8.2-141.144.1
Builds
SAT Patch Nr: 6106
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Software Development Kit 11 SP2
  • libtiff-devel >= 3.8.2-141.144.1
  • libtiff-devel-32bit >= 3.8.2-141.144.1
Builds
SAT Patch Nr: 6106
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • libtiff3 >= 3.8.2-141.144.1
Builds
SAT Patch Nr: 6106
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • libtiff3 >= 3.8.2-141.144.1
  • libtiff3-32bit >= 3.8.2-141.144.1
Builds
SAT Patch Nr: 6106
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP2
  • libtiff3 >= 3.8.2-141.144.1
  • libtiff3-32bit >= 3.8.2-141.144.1
  • tiff >= 3.8.2-141.144.1
Builds
SAT Patch Nr: 6106
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP2
  • libtiff3 >= 3.8.2-141.144.1
  • tiff >= 3.8.2-141.144.1
Builds
SAT Patch Nr: 6106
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP2
  • libtiff3 >= 3.8.2-141.144.1
  • libtiff3-x86 >= 3.8.2-141.144.1
  • tiff >= 3.8.2-141.144.1
Builds
SAT Patch Nr: 6106
openSUSE 11.4
  • libtiff-devel >= 3.9.4-3.25.1
  • libtiff-devel-32bit >= 3.9.4-3.25.1
  • libtiff3 >= 3.9.4-3.25.1
  • libtiff3-32bit >= 3.9.4-3.25.1
  • libtiff3-debuginfo >= 3.9.4-3.25.1
  • libtiff3-debuginfo-32bit >= 3.9.4-3.25.1
  • libtiff3-debuginfo-x86 >= 3.9.4-3.25.1
  • libtiff3-x86 >= 3.9.4-3.25.1
  • tiff >= 3.9.4-3.25.1
  • tiff-debuginfo >= 3.9.4-3.25.1
  • tiff-debugsource >= 3.9.4-3.25.1
Patchnames:
openSUSE-2012-234
openSUSE 13.2
  • libtiff-devel >= 4.0.3-10.1.2
  • libtiff5 >= 4.0.3-10.1.2
  • libtiff5-32bit >= 4.0.3-10.1.2
  • tiff >= 4.0.3-10.1.2
Patchnames:
openSUSE 13.2 GA libtiff-devel
openSUSE Leap 42.1
  • libtiff-devel >= 4.0.4-1.1
  • libtiff5 >= 4.0.4-1.1
  • libtiff5-32bit >= 4.0.4-1.1
  • tiff >= 4.0.4-1.1
Patchnames:
openSUSE Leap 42.1 GA libtiff-devel
openSUSE Leap 42.2
  • libtiff-devel >= 4.0.6-10.1
  • libtiff5 >= 4.0.6-10.1
  • libtiff5-32bit >= 4.0.6-10.1
  • tiff >= 4.0.6-10.1
Patchnames:
openSUSE Leap 42.2 GA libtiff-devel