History: Jun 24, 2010 - 12:30 p.m.

CVE-2010-2067

2010-06-24 12:30:01
CWE-119
web.nvd.nist.gov
Tags: cve, 2010, 2067, stack-based buffer overflow, libtiff, denial of service, application crash, execute arbitrary code, exif, tiff

CVSS2: 6.8 Medium

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 8.1 High (Confidence: High)

EPSS: 0.026 Low (Percentile: 90.4%)

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.

Affected configurations

NVD
Node
libtiff libtiff, Range <3.9.4
Node
canonical ubuntu_linux, Match 6.06 lts
OR
canonical ubuntu_linux, Match 8.04 lts
OR
canonical ubuntu_linux, Match 9.04
OR
canonical ubuntu_linux, Match 9.10
OR
canonical ubuntu_linux, Match 10.04 lts

CPE | Name | Operator | Version
libtiff:libtiff | libtiff | lt | 3.9.4
