CVE-2010-2067
published 2010-06-24CVE-2010-2067: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of…
PriorityP432medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
4.78%
90.8th percentile
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | tiff | < tiff 3.9.4-1 (bookworm) | tiff 3.9.4-1 (bookworm) |
| libtiff | libtiff | < 3.9.4 | 3.9.4 |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2010-06-21·CVSS 6.8
CVE-2010-1411 [MEDIUM] tiff vulnerabilities
Title: tiff vulnerabilities
Summary: Multiple integer overflows leading to crashes or arbitrary code execution.
Kevin Finisterre discovered that the TIFF library did not correctly handle
certain image structures. If a user or automated system were tricked
into opening a specially crafted TIFF image, a remote attacker could
execute arbitrary code with user privileges, or crash the application,
leading to a denial of service. (CVE-2010-1411)
Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF
library. If a user or automated system were into opening a specially
crafted TIFF image, a remote attacker could execute arbitrary code
with user privileges, or crash the application, leading to a denial
of service. (Only Ubuntu 10.04 LTS was affected.) (CVE-2010-2065,
CVE-2010-2067
Red Hat
libtiff: SubjectDistance EXIF tag reading stack based buffer overflow
vendor_redhat·2010-06-21·CVSS 6.8
CVE-2010-2067 [MEDIUM] CWE-228 libtiff: SubjectDistance EXIF tag reading stack based buffer overflow
libtiff: SubjectDistance EXIF tag reading stack based buffer overflow
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
Statement: Not vulnerable. These issues did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Debian
CVE-2010-2067: tiff - Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirr...
vendor_debian·2010·CVSS 6.8
CVE-2010-2067 [MEDIUM] CVE-2010-2067: tiff - Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirr...
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved (fixed in 3.9.4-1)
sid: resolved (fixed in 3.9.4-1)
trixie: resolved (fixed in 3.9.4-1)
GHSA
GHSA-gchp-g2jj-rx9p: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread
ghsa_unreviewed·2022-05-14
CVE-2010-2067 [MEDIUM] CWE-119 GHSA-gchp-g2jj-rx9p: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
OSV
CVE-2010-2067: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread
osv·2010-06-24·CVSS 6.8
CVE-2010-2067 [MEDIUM] CVE-2010-2067: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
No detection rules found.
No public exploits indexed.
http://bugzilla.maptools.org/show_bug.cgi?id=2212http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlhttp://marc.info/?l=oss-security&m=127731610612908&w=2http://osvdb.org/65676http://secunia.com/advisories/40241http://secunia.com/advisories/40381http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424http://www.remotesensing.org/libtiff/v3.9.4.htmlhttp://www.ubuntu.com/usn/USN-954-1http://www.vupen.com/english/advisories/2010/1638https://bugzilla.redhat.com/show_bug.cgi?id=599576http://bugzilla.maptools.org/show_bug.cgi?id=2212http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlhttp://marc.info/?l=oss-security&m=127731610612908&w=2http://osvdb.org/65676http://secunia.com/advisories/40241http://secunia.com/advisories/40381http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424http://www.remotesensing.org/libtiff/v3.9.4.htmlhttp://www.ubuntu.com/usn/USN-954-1http://www.vupen.com/english/advisories/2010/1638https://bugzilla.redhat.com/show_bug.cgi?id=599576
2010-06-24
Published