Unrated severityNVD Advisory· Published Jul 22, 2012· Updated Jun 16, 2026
CVE-2012-2088
CVE-2012-2088
Description
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
48cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*+ 47 more
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*range: <=3.9.4
- cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*
- (no CPE)range: <=3.9.4
Patches
Vulnerability mechanics
References
12- secunia.com/advisories/49686nvdVendor Advisory
- lists.apple.com/archives/security-announce/2013/Mar/msg00002.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.htmlnvd
- rhn.redhat.com/errata/RHSA-2012-1054.htmlnvd
- secunia.com/advisories/50726nvd
- security.gentoo.org/glsa/glsa-201209-02.xmlnvd
- support.apple.com/kb/HT6162nvd
- support.apple.com/kb/HT6163nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/54270nvd
- bugzilla.redhat.com/show_bug.cginvd
- hermes.opensuse.org/messages/15083566nvd
News mentions
0No linked articles in our index yet.