Computer Security
[EN] securityvulns.ru no-pyccku


libtiff multiple security vulnerabilities
updated since 23.06.2010
Published:29.06.2010
Source:
SecurityVulns ID:10950
Type:library
Threat Level:
7/10
Description:Multiple memory corruptions on tiff files parsing.
Affected:LIBTIFF : libtiff 3.9
CVE:CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.)
 CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.)
 CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 06.21.10: Multiple Vendor LibTIFF 3.9.2 Stack Buffer Overflow Vulnerability (29.06.2010)
 documentBUNTU, [USN-954-1] tiff vulnerabilities (23.06.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod