CVE-2010-2065 — Integer Overflow or Wraparound in Tiff

CWE-189 CWE-190 — Integer Overflow or Wraparound7 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

2.8%

top 13.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedJun 24

Latest updateMay 17

Description

Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff3.9.2+21

▶debiandebian/tiff< tiff 3.9.4-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-jgr3-673f-qm3h: Integer overflow in the TIFFroundup macro in LibTIFF before 3↗2022-05-17

▶

OSV

CVE-2010-2065: Integer overflow in the TIFFroundup macro in LibTIFF before 3↗2010-06-24

▶

📋Vendor Advisories

Ubuntu

tiff vulnerabilities↗2010-06-21

▶

Red Hat

libtiff: TIFFroundup() integer overflow in TIFFFillStrip()↗2010-06-15

▶

Debian

CVE-2010-2065: tiff - Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote ...↗2010

▶

💬Community

Bugzilla

CVE-2010-2065 libtiff: TIFFroundup() integer overflow in TIFFFillStrip()↗2010-06-07

▶