Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2009-2347

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

  • Published: Jul 14, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-2347
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
libtiff / libtiff 3.8.0 3.8.0.x
libtiff / libtiff 3.8.1 3.8.1.x
libtiff / libtiff 3.8.2 3.8.2.x
libtiff / libtiff 4.0 4.0.x
libtiff / libtiff 3.9 3.9.x