exploit the possibilities
Showing 1 - 5 of 5 RSS Feed

CVE-2010-1411

Status Candidate

Overview

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

Related Files

Gentoo Linux Security Advisory 201209-02
Posted Sep 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-2 - Multiple vulnerabilities in libTIFF could result in execution of arbitrary code or Denial of Service. Versions less than 4.0.2-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2347, CVE-2009-5022, CVE-2010-1411, CVE-2010-2065, CVE-2010-2067, CVE-2010-2233, CVE-2010-2443, CVE-2010-2481, CVE-2010-2482, CVE-2010-2483, CVE-2010-2595, CVE-2010-2596, CVE-2010-2597, CVE-2010-2630, CVE-2010-2631, CVE-2010-3087, CVE-2010-4665, CVE-2011-0192, CVE-2011-0192, CVE-2011-1167, CVE-2011-1167, CVE-2012-1173, CVE-2012-2088, CVE-2012-2113, CVE-2012-3401
MD5 | b1e333c1e644cbcc9addafc4e21e030b
Mandriva Linux Security Advisory 2010-146
Posted Aug 6, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-146 - The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service via a crafted TIFF image that triggers an array index error, related to downsampled OJPEG input. Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF file that triggers a heap-based buffer overflow. Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to downsampled OJPEG input and possibly related to a compiler optimization that triggers a divide-by-zero error. The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to downsampled OJPEG input. LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service via a crafted TIFF file, a different vulnerability than CVE-2010-2443. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2595, CVE-2010-1411, CVE-2010-2065, CVE-2010-2483, CVE-2010-2597, CVE-2010-2481, CVE-2010-2067, CVE-2010-2233, CVE-2010-2482
MD5 | 40631af2a0f8063cb9fc05b84d48cfbb
Mandriva Linux Security Advisory 2010-145
Posted Aug 6, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-145 - The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service via a crafted TIFF image that triggers an array index error, related to downsampled OJPEG input. Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF file that triggers a heap-based buffer overflow. Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to downsampled OJPEG input and possibly related to a compiler optimization that triggers a divide-by-zero error. The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2595, CVE-2010-1411, CVE-2010-2065, CVE-2010-2483, CVE-2010-2597, CVE-2010-2481
MD5 | 6553e5bc471d8c962095afd227252de4
Debian Linux Security Advisory 2084-1
Posted Aug 3, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2084-1 - Kevin Finisterre discovered that several integer overflows in the TIFF library could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2010-1411
MD5 | eee0b2dc5203a6b6a7594c742cedab63
Ubuntu Security Notice 954-1
Posted Jun 23, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 954-1 - Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. If a user or automated system were into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-1411, CVE-2010-2065, CVE-2010-2067
MD5 | 429d7801cafc04d4c2b64382bd0d7e92
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close