Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2010-4665
Last Modified 20 Feb 2014 11:37:24
Published 03 May 2011 04:55:04
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-4665

Summary

Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.

Vulnerable Systems

Application

  • Libtiff 3.4

  • Libtiff 3.5.1

  • Libtiff 3.5.2

  • Libtiff 3.5.3

  • Libtiff 3.5.4

  • Libtiff 3.5.5

  • Libtiff 3.5.6

  • Libtiff 3.5.7

  • Libtiff 3.6.0

  • Libtiff 3.6.1

  • Libtiff 3.7.0

  • Libtiff 3.7.1

  • Libtiff 3.7.2

  • Libtiff 3.7.3

  • Libtiff 3.7.4

  • Libtiff 3.8.0

  • Libtiff 3.8.1

  • Libtiff 3.8.2

  • Libtiff 3.9

  • Libtiff 3.9.0

  • Libtiff 3.9.1

  • Libtiff 3.9.2

  • Libtiff 3.9.2-5.2.1

  • Libtiff 3.9.3

  • Libtiff 3.9.4


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=695887

CONFIRM - http://www.remotesensing.org/libtiff/v3.9.5.html

MLIST - [oss-security] 20110412 libtiff CVE assignments

CONFIRM - http://bugzilla.maptools.org/show_bug.cgi?id=2218

BID - 47338

SECUNIA - 44271

FEDORA - FEDORA-2011-5304

UBUNTU - USN-1416-1

DEBIAN - DSA-2552

GENTOO - GLSA-201209-02

SECUNIA - 50726

SUSE - SUSE-SR:2011:009

Related Patches

SUN125673-05 Solaris 9 SPARC: GNOME 2.0.2: SUNWTiff libtiff library patch

Novell SUSE 2011:7474 libtiff security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:49:36