FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-1411

This CVE name corresponds to:

Entered Topic
2010-06-12 tiff -- buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-1411
Phase Assigned (20100415)

Description

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

References

Source Reference
MLIST [oss-security] 20100623 CVE requests: LibTIFF
CONFIRM http://support.apple.com/kb/HT4188
CONFIRM http://support.apple.com/kb/HT4220
CONFIRM http://support.apple.com/kb/HT4196
CONFIRM http://www.remotesensing.org/libtiff/v3.9.3.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=592361
APPLE APPLE-SA-2010-06-15-1
APPLE APPLE-SA-2010-06-16-1
FEDORA FEDORA-2010-10460
FEDORA FEDORA-2010-10469
GENTOO GLSA-201209-02
REDHAT RHSA-2010:0519
REDHAT RHSA-2010:0520
SLACKWARE SSA:2010-180-02
SUSE SUSE-SR:2010:014
UBUNTU USN-954-1
BID 40823
SECTRACK 1024103
SECUNIA 40220
SECUNIA 40196
SECUNIA 40181
SECUNIA 40478
SECUNIA 40527
SECUNIA 40536
SECUNIA 40381
SECUNIA 50726
VUPEN ADV-2010-1481
VUPEN ADV-2010-1512
VUPEN ADV-2010-1435
VUPEN ADV-2010-1731
VUPEN ADV-2010-1761
VUPEN ADV-2010-1638