Published: 24/06/2010 Updated: 15/05/2013

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 607

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Integer overflow in the TIFFroundup macro in LibTIFF prior to 3.9.3 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff 3.5.2
libtiff libtiff 3.5.3
libtiff libtiff 3.7.0
libtiff libtiff 3.7.1
libtiff libtiff 3.4
libtiff libtiff 3.6.0
libtiff libtiff 3.9.1
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.5.7
libtiff libtiff 3.8.2
libtiff libtiff 3.9.0
libtiff libtiff 3.7.2
libtiff libtiff 3.7.3
libtiff libtiff 3.5.1
libtiff libtiff 3.6.1
libtiff libtiff
libtiff libtiff 3.7.4
libtiff libtiff 3.5.4
libtiff libtiff 3.5.5
libtiff libtiff 3.8.0
libtiff libtiff 3.8.1

Multiple integer overflows leading to crashes or arbitrary code execution ...

CWE-189 https://bugzilla.redhat.com/show_bug.cgi?id=601274 http://secunia.com/advisories/40181 http://www.remotesensing.org/libtiff/v3.9.3.html http://www.ubuntu.com/usn/USN-954-1 https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565 http://marc.info/?l=oss-security&m=127731610612908&w=2 http://www.vupen.com/english/advisories/2011/0204 http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010 http://www.vupen.com/english/advisories/2011/0621 http://www.mandriva.com/security/advisories?name=MDVSA-2011:043 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424 http://www.vupen.com/english/advisories/2010/1638 http://secunia.com/advisories/40381 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml https://usn.ubuntu.com/954-1/https://nvd.nist.gov

CVE-2010-2065

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect