CVE-2010-3087
Published 2010-09-28
CVE-2010-3087: LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code…
Priority: P433, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.24% (86.7th percentile)
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.4-5 (bookworm) | tiff 3.9.4-5 (bookworm) |
| libtiff | libtiff | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
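| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |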
Ubuntu
tiff regression
vendor_ubuntu·2011-03-15·CVSS 4.3
[MEDIUM] tiff regression
Title: tiff regression
Summary: Fix regression in CCITTFAX4 processing.
USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream
fixes were incomplete and created problems for certain CCITTFAX4 files.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
valu
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2011-03-07·CVSS 4.3
CVE-2010-3087 [MEDIUM] tiff vulnerabilities
Title: tiff vulnerabilities
Summary: Certain applications could be made to run programs as your login if they
opened a specially crafted TIFF file.
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of servi
Red Hat
libtiff: DoS or possible arbitrary code execution via crafted TIFF image
vendor_redhat·2010-07-02·CVSS 6.8
CVE-2010-3087 [MEDIUM] CWE-190 libtiff: DoS or possible arbitrary code execution via crafted TIFF image
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.
Package: libtiff (Red Hat Enterprise Linux 4) - Not affected
Package: libtiff (Red Hat Enterprise Linux 5) - Not affected
Package: libtiff (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2010-3087: tiff - LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to caus...
vendor_debian·2010·CVSS 6.8
CVE-2010-3087 [MEDIUM] CVE-2010-3087: tiff - LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to caus...
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 3.9.4-5)
bullseye: resolved (fixed in 3.9.4-5)
forky: resolved (fixed in 3.9.4-5)
sid: resolved (fixed in 3.9.4-5)
trixie: resolved (fixed in 3.9.4-5)
GHSA
GHSA-rx6q-233c-f2vp: LibTIFF before 3
ghsa_unreviewed·2022-05-14
CVE-2010-3087 [MEDIUM] CWE-119 GHSA-rx6q-233c-f2vp: LibTIFF before 3
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.
OSV
CVE-2010-3087: LibTIFF before 3
osv·2010-09-28·CVSS 6.8
CVE-2010-3087 [MEDIUM] CVE-2010-3087: LibTIFF before 3
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.
No detection rules found.
No public exploits indexed.
http://blackberry.com/btsc/KB27244
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://support.novell.com/security/cve/CVE-2010-3087.html
https://bugzilla.novell.com/show_bug.cgi?id=624215
Published: 2010-09-28