CVE-2010-2067

Related Files

Gentoo Linux Security Advisory 201209-02

Posted Sep 24, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-2 - Multiple vulnerabilities in libTIFF could result in execution of arbitrary code or Denial of Service. Versions less than 4.0.2-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2009-2347, CVE-2009-5022, CVE-2010-1411, CVE-2010-2065, CVE-2010-2067, CVE-2010-2233, CVE-2010-2443, CVE-2010-2481, CVE-2010-2482, CVE-2010-2483, CVE-2010-2595, CVE-2010-2596, CVE-2010-2597, CVE-2010-2630, CVE-2010-2631, CVE-2010-3087, CVE-2010-4665, CVE-2011-0192, CVE-2011-0192, CVE-2011-1167, CVE-2011-1167, CVE-2012-1173, CVE-2012-2088, CVE-2012-2113, CVE-2012-3401

SHA-256 | 4c1d531cd4481a5572a3c053df88570eab2536699dd069f5b711c89773f211c5

Download | Favorite | View

Mandriva Linux Security Advisory 2010-146

Posted Aug 6, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-146 - The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service via a crafted TIFF image that triggers an array index error, related to downsampled OJPEG input. Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF file that triggers a heap-based buffer overflow. Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to downsampled OJPEG input and possibly related to a compiler optimization that triggers a divide-by-zero error. The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to downsampled OJPEG input. LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service via a crafted TIFF file, a different vulnerability than CVE-2010-2443. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2010-2595, CVE-2010-1411, CVE-2010-2065, CVE-2010-2483, CVE-2010-2597, CVE-2010-2481, CVE-2010-2067, CVE-2010-2233, CVE-2010-2482

SHA-256 | 97281473d38a1c17020486c8ef8d34328b374f039467458966916cddef933680

Download | Favorite | View

iDEFENSE Security Advisory 2010-06-21.1

Posted Jun 29, 2010

Authored by iDefense Labs, Dan Rosenberg | Site idefense.com

iDefense Security Advisory 06.21.10 - Remote exploitation of a stack buffer overflow vulnerability in version 3.9.2 of LibTIFF, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is due to insufficient bounds checking when copying data into a stack allocated buffer. During the processing of a certain EXIF tag a fixed sized stack buffer is used as a destination location for a memory copy. This memory copy can cause the bounds of a stack buffer to be overflown and this condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in version 3.9.2 of libTIFF. Previous versions are not affected.

tags | advisory, remote, overflow, arbitrary, code execution

advisories | CVE-2010-2067

SHA-256 | 014d43587d44901b7350126457fa46e3ddd7be36fcae7a02d6977373e2a71713

Download | Favorite | View

Ubuntu Security Notice 954-1

Posted Jun 23, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 954-1 - Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. If a user or automated system were into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2010-1411, CVE-2010-2065, CVE-2010-2067

SHA-256 | 445168d075106e2e28b608bb7b0e6b3a6fb154c276fc48ef2ed70391a24d46d6

Download | Favorite | View