cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 CVE-2010-1411 2010-06-17T12:30:01.810-04:00 2013-05-14T23:08:28.183-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-06-18T07:31:00.000-04:00 SECTRACK 1024103 SECUNIA 40181 SECUNIA 40196 SECUNIA 40220 SECUNIA 40381 SECUNIA 40478 SECUNIA 40527 SECUNIA 40536 BID 40823 SECUNIA 50726 VUPEN ADV-2010-1435 VUPEN ADV-2010-1481 VUPEN ADV-2010-1512 VUPEN ADV-2010-1638 VUPEN ADV-2010-1731 VUPEN ADV-2010-1761 APPLE APPLE-SA-2010-06-15-1 APPLE APPLE-SA-2010-06-16-1 FEDORA FEDORA-2010-10460 FEDORA FEDORA-2010-10469 GENTOO GLSA-201209-02 REDHAT RHSA-2010:0519 REDHAT RHSA-2010:0520 SLACKWARE SSA:2010-180-02 SUSE SUSE-SR:2010:014 UBUNTU USN-954-1 MLIST [oss-security] 20100623 CVE requests: LibTIFF CONFIRM http://support.apple.com/kb/HT4188 CONFIRM http://support.apple.com/kb/HT4196 CONFIRM http://support.apple.com/kb/HT4220 CONFIRM http://www.remotesensing.org/libtiff/v3.9.3.html CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=592361 Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.