[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-2067

Date: (C)2010-06-24   (M)2017-11-18 


Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874
SECUNIA-40241
SECUNIA-40381
SECUNIA-50726
OSVDB-65676
ADV-2010-1638
GLSA-201209-02
SSA:2010-180-02
SUSE-SR:2010:014
USN-954-1
http://marc.info/?l=oss-security&m=127731610612908&w=2
http://bugzilla.maptools.org/show_bug.cgi?id=2212
http://www.remotesensing.org/libtiff/v3.9.4.html
https://bugzilla.redhat.com/show_bug.cgi?id=599576

CPE    45
cpe:/a:libtiff:libtiff:3.8.0
cpe:/a:libtiff:libtiff:3.6.1
cpe:/a:libtiff:libtiff:3.8.2
cpe:/a:libtiff:libtiff:3.6.0:beta
...
CWE    1
CWE-119
OVAL    5
oval:org.secpod.oval:def:300023
oval:org.secpod.oval:def:100026
oval:org.secpod.oval:def:100532
oval:org.secpod.oval:def:102543
...

© 2013 SecPod Technologies