Vulnerability CVE-2011-1167: Information

Description

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

Severity: MEDIUM (6.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2011-1167

Published: March 28, 2011

Modified: Feb. 13, 2023

Error type identifier: CWE-119

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=684939	Patch
http://www.zerodayinitiative.com/advisories/ZDI-11-107
71256
46951
http://bugzilla.maptools.org/show_bug.cgi?id=2300	Patch
ADV-2011-0795
RHSA-2011:0392
43900
ADV-2011-0860
USN-1102-1
MDVSA-2011:064
ADV-2011-0845
ADV-2011-0859
43934
DSA-2210
ADV-2011-0930
FEDORA-2011-3836
ADV-2011-0905
ADV-2011-0960
SSA:2011-098-01
44135
FEDORA-2011-3827
44117
http://blackberry.com/btsc/KB27244
43974
1025257
8165
http://support.apple.com/kb/HT5130
APPLE-SA-2012-02-01-1
http://support.apple.com/kb/HT5281
APPLE-SA-2012-05-09-1
http://support.apple.com/kb/HT5503
APPLE-SA-2012-09-19-1
50726
GLSA-201209-02
SUSE-SR:2011:009
libtiff-thundercode-decoder-bo(66247)
20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability

Affected configurations:
1. Configuration 1
  cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
  End including
  3.9.4
  cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
  cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*

Version: v24.5.1

Vulnerability CVE-2011-1167: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1