CVE-2010-2067 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libtiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-228 — Improper Handling of Syntactically Invalid Structure CWE-121 — Stack-based Buffer Overflow7 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

2.8%

top 13.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtiff Debian Tiff Canonical Ubuntu Linux

Timeline

PublishedJun 24

Latest updateMay 14

Description

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff< 3.9.4

▶debiandebian/tiff< tiff 3.9.4-1 (bookworm)

Also affects: Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-gchp-g2jj-rx9p: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread↗2022-05-14

▶

OSV

CVE-2010-2067: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread↗2010-06-24

▶

📋Vendor Advisories

Ubuntu

tiff vulnerabilities↗2010-06-21

▶

Red Hat

libtiff: SubjectDistance EXIF tag reading stack based buffer overflow↗2010-06-21

▶

Debian

CVE-2010-2067: tiff - Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirr...↗2010

▶

💬Community

Bugzilla

CVE-2010-2067 libtiff: SubjectDistance EXIF tag reading stack based buffer overflow↗2010-06-03

▶