VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-2067

libtiff: Stack-based buffer overflow in the TIFFFetchSubject...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2067

Original

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-06-24

Source Information Category:

Advisory, Alert

Last Updated:

2010-06-24

Affected Product Tags

cpe:/a:remotesensing:libtiff:3.4

cpe:/a:remotesensing:libtiff:3.4:beta18

cpe:/a:remotesensing:libtiff:3.4:beta24

cpe:/a:remotesensing:libtiff:3.4:beta28

cpe:/a:remotesensing:libtiff:3.4:beta29

cpe:/a:remotesensing:libtiff:3.4:beta31

cpe:/a:remotesensing:libtiff:3.4:beta32

cpe:/a:remotesensing:libtiff:3.4:beta34

cpe:/a:remotesensing:libtiff:3.4:beta35

cpe:/a:remotesensing:libtiff:3.4:beta36

cpe:/a:remotesensing:libtiff:3.4:beta37

cpe:/a:remotesensing:libtiff:3.5.1

cpe:/a:remotesensing:libtiff:3.5.2

cpe:/a:remotesensing:libtiff:3.5.3

cpe:/a:remotesensing:libtiff:3.5.4

cpe:/a:remotesensing:libtiff:3.5.5

cpe:/a:remotesensing:libtiff:3.5.6

cpe:/a:remotesensing:libtiff:3.5.6:beta

cpe:/a:remotesensing:libtiff:3.5.7

cpe:/a:remotesensing:libtiff:3.5.7:alpha

cpe:/a:remotesensing:libtiff:3.5.7:alpha2

cpe:/a:remotesensing:libtiff:3.5.7:alpha3

cpe:/a:remotesensing:libtiff:3.5.7:alpha4

cpe:/a:remotesensing:libtiff:3.5.7:beta

cpe:/a:remotesensing:libtiff:3.6.0

cpe:/a:remotesensing:libtiff:3.6.0:beta

cpe:/a:remotesensing:libtiff:3.6.0:beta2

cpe:/a:remotesensing:libtiff:3.6.1

cpe:/a:remotesensing:libtiff:3.7.0

cpe:/a:remotesensing:libtiff:3.7.0:alpha

cpe:/a:remotesensing:libtiff:3.7.0:beta

cpe:/a:remotesensing:libtiff:3.7.0:beta2

cpe:/a:remotesensing:libtiff:3.7.1

cpe:/a:remotesensing:libtiff:3.7.2

cpe:/a:remotesensing:libtiff:3.7.3

cpe:/a:remotesensing:libtiff:3.7.4

cpe:/a:remotesensing:libtiff:3.8.0

cpe:/a:remotesensing:libtiff:3.8.1

cpe:/a:remotesensing:libtiff:3.8.2

cpe:/a:remotesensing:libtiff:3.9.0

cpe:/a:remotesensing:libtiff:3.9.0:beta

cpe:/a:remotesensing:libtiff:3.9.1

cpe:/a:remotesensing:libtiff:3.9.2

cpe:/a:remotesensing:libtiff:3.9.3 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=599576

CONFIRM http://www.remotesensing.org/libtiff/v3.9.4.html

CONFIRM http://bugzilla.maptools.org/show_bug.cgi?id=2212

UBUNTU USN-954-1

Vulnerability Type Buffer Errors (CWE-119)