CVE-2010-3087 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound8 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

1.8%

top 17.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff Opensuse

Timeline

PublishedSep 28

Latest updateMay 14

Description

LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDlibtiff/libtiff3.9.2-5.2.1

▶NVDopensuse/opensuse11.3

▶debiandebian/tiff< tiff 3.9.4-5 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-rx6q-233c-f2vp: LibTIFF before 3↗2022-05-14

▶

OSV

CVE-2010-3087: LibTIFF before 3↗2010-09-28

▶

📋Vendor Advisories

Ubuntu

tiff regression↗2011-03-15

▶

Ubuntu

tiff vulnerabilities↗2011-03-07

▶

Red Hat

libtiff: DoS or possible arbitrary code execution via crafted TIFF image↗2010-07-02

▶

Debian

CVE-2010-3087: tiff - LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to caus...↗2010

▶

💬Community

Bugzilla

CVE-2010-3087 libtiff: DoS or possible arbitrary code execution via crafted TIFF image↗2010-09-28

▶