CVE-2011-1167

Published: 03/28/2011 16:55:04

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

MEDIUM
CVSS v2: 6.8

Status

DocFilters Release	Package	State	Justification	Comment
25.1	libtiff (4.6.0)	Not Affected	Code Not Present	4.6.0 does not match CVE configuration.
24.4	libtiff (4.6.0)	Not Affected	Code Not Present	4.6.0 does not match CVE configuration.
24.4.0	libtiff (4.6.0)	Not Affected	Code Not Present	4.6.0 does not match CVE configuration.
24.3	libtiff (4.6.0)	Not Affected	Code Not Present	4.6.0 does not match CVE configuration.
24.2.1	libtiff (4.6.0)	Not Affected	Code Not Present	4.6.0 does not match CVE configuration.
24.2	libtiff (4.6.0)	Not Affected	Code Not Present	4.6.0 does not match CVE configuration.
24.1	libtiff (4.6.0)	Not Affected	Code Not Present	4.6.0 does not match CVE configuration.
23.3	libtiff (4.5.1)	Not Affected	Code Not Present	4.5.1 does not match CVE configuration.
23.2.1	libtiff (4.3.0)	Not Affected	Code Not Present	4.3.0 does not match CVE configuration.
23.2	libtiff (4.3.0)	Not Affected	Code Not Present	4.3.0 does not match CVE configuration.
23.1	libtiff (4.3.0)	Not Affected	Code Not Present	4.3.0 does not match CVE configuration.
22.4	libtiff (4.3.0)	Not Affected	Code Not Present	4.3.0 does not match CVE configuration.
22.3	libtiff (4.3.0)	Not Affected	Code Not Present	4.3.0 does not match CVE configuration.
22.2	libtiff (4.3.0)	Not Affected	Code Not Present	4.3.0 does not match CVE configuration.
22.1	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
21.11.1	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
21.11	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
21.8.1	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
21.8	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
21.5.1	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
21.5.0	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
21.2.0	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.20	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.19.3667	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.18.3599	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.17	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.16.3445	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.15.3368	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.14.3263	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.13.3179	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.12.3054	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.11.3040	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.11.2990	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.10.2934	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.9.2878	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.
11.4.8.2822	libtiff (4.0.8)	Not Affected	Code Not Present	4.0.8 does not match CVE configuration.

Severity score breakdown

References

NVD
MITRE