CVE-2010-2067

medium

Description

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.

References

http://bugzilla.maptools.org/show_bug.cgi?id=2212

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://marc.info/?l=oss-security&m=127731610612908&w=2

http://osvdb.org/65676

http://secunia.com/advisories/40241

http://secunia.com/advisories/40381

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424

http://www.remotesensing.org/libtiff/v3.9.4.html

http://www.ubuntu.com/usn/USN-954-1

http://www.vupen.com/english/advisories/2010/1638

https://bugzilla.redhat.com/show_bug.cgi?id=599576

Details

Source: MITRE

Published: 2010-06-24

Updated: 2018-11-16

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75618 | openSUSE Security Update : libtiff-devel (openSUSE-SU-2010:0420-1) | Nessus | SuSE Local Security Checks | medium |
| 62235 | GLSA-201209-02 : libTIFF: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 48272 | Mandriva Linux Security Advisory : libtiff (MDVSA-2010:146) | Nessus | Mandriva Local Security Checks | high |
| 47596 | Fedora 12 : libtiff-3.9.4-1.fc12 (2010-10333) | Nessus | Fedora Local Security Checks | high |
| 47585 | Fedora 13 : libtiff-3.9.4-1.fc13 (2010-10334) | Nessus | Fedora Local Security Checks | high |
| 47563 | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 9.0 / 9.1 / current : libtiff (SSA:2010-180-02) | Nessus | Slackware Local Security Checks | medium |
| 47110 | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : tiff vulnerabilities (USN-954-1) | Nessus | Ubuntu Local Security Checks | medium |