Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2010:146 | First vendor Publication | 2010-08-06 |
Vendor | Mandriva | Last vendor Modification | 2010-08-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities has been discovered and corrected in libtiff: The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to downsampled OJPEG input. (CVE-2010-2595) Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow (CVE-2010-1411). Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow (CVE-2010-2065). The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values (CVE-2010-2483). The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to downsampled OJPEG input and possibly related to a compiler optimization that triggers a divide-by-zero error (CVE-2010-2597). The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file (CVE-2010-248). Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file (CVE-2010-2067). tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to downsampled OJPEG input. (CVE-2010-2233). LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443 (CVE-2010-2482). The updated packages have been patched to correct these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:146 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
43 % | CWE-20 | Improper Input Validation |
29 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
29 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12688 | |||
Oval ID: | oval:org.mitre.oval:def:12688 | ||
Title: | DSA-2084-1 tiff -- integer overflows | ||
Description: | Kevin Finisterre discovered that several integer overflows in the TIFF library could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 3.8.2-11.3. For the unstable distribution, this problem has been fixed in version 3.9.4-1. We recommend that you upgrade your tiff packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2084-1 CVE-2010-1411 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | tiff |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12919 | |||
Oval ID: | oval:org.mitre.oval:def:12919 | ||
Title: | USN-954-1 -- tiff vulnerabilities | ||
Description: | Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. If a user or automated system were into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-954-1 CVE-2010-1411 CVE-2010-2065 CVE-2010-2067 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | tiff |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-03 | Name : Debian Security Advisory DSA 2552-1 (tiff) File : nvt/deb_2552_1.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-02 (tiff) File : nvt/glsa_201209_02.nasl |
2011-08-09 | Name : CentOS Update for libtiff CESA-2010:0519 centos5 i386 File : nvt/gb_CESA-2010_0519_libtiff_centos5_i386.nasl |
2011-05-06 | Name : Fedora Update for mingw32-libtiff FEDORA-2011-5955 File : nvt/gb_fedora_2011_5955_mingw32-libtiff_fc13.nasl |
2011-04-19 | Name : Fedora Update for libtiff FEDORA-2011-3827 File : nvt/gb_fedora_2011_3827_libtiff_fc13.nasl |
2011-03-24 | Name : Ubuntu Update for tiff regression USN-1085-2 File : nvt/gb_ubuntu_USN_1085_2.nasl |
2011-03-15 | Name : Ubuntu Update for tiff vulnerabilities USN-1085-1 File : nvt/gb_ubuntu_USN_1085_1.nasl |
2011-03-15 | Name : Mandriva Update for libtiff MDVSA-2011:043 (libtiff) File : nvt/gb_mandriva_MDVSA_2011_043.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2084-1 (tiff) File : nvt/deb_2084_1.nasl |
2010-08-20 | Name : CentOS Update for libtiff CESA-2010:0520 centos3 i386 File : nvt/gb_CESA-2010_0520_libtiff_centos3_i386.nasl |
2010-08-09 | Name : Mandriva Update for libtiff MDVSA-2010:146 (libtiff) File : nvt/gb_mandriva_MDVSA_2010_146.nasl |
2010-08-09 | Name : Mandriva Update for libtiff MDVSA-2010:145 (libtiff) File : nvt/gb_mandriva_MDVSA_2010_145.nasl |
2010-07-12 | Name : Fedora Update for mingw32-libtiff FEDORA-2010-10469 File : nvt/gb_fedora_2010_10469_mingw32-libtiff_fc12.nasl |
2010-07-12 | Name : Fedora Update for mingw32-libtiff FEDORA-2010-10460 File : nvt/gb_fedora_2010_10460_mingw32-libtiff_fc13.nasl |
2010-07-12 | Name : RedHat Update for libtiff RHSA-2010:0520-01 File : nvt/gb_RHSA-2010_0520-01_libtiff.nasl |
2010-07-12 | Name : RedHat Update for libtiff RHSA-2010:0519-01 File : nvt/gb_RHSA-2010_0519-01_libtiff.nasl |
2010-07-06 | Name : Fedora Update for libtiff FEDORA-2010-10333 File : nvt/gb_fedora_2010_10333_libtiff_fc12.nasl |
2010-07-06 | Name : FreeBSD Ports: tiff File : nvt/freebsd_tiff6.nasl |
2010-07-02 | Name : Fedora Update for libtiff FEDORA-2010-10334 File : nvt/gb_fedora_2010_10334_libtiff_fc13.nasl |
2010-06-25 | Name : Fedora Update for libtiff FEDORA-2010-10359 File : nvt/gb_fedora_2010_10359_libtiff_fc11.nasl |
2010-06-25 | Name : Ubuntu Update for tiff vulnerabilities USN-954-1 File : nvt/gb_ubuntu_USN_954_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-180-02 libtiff File : nvt/esoft_slk_ssa_2010_180_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66084 | LibTIFF TIFFRGBAImageGet Function Invalid SamplesPerPixel / Photometric Combi... |
66083 | LibTIFF td_stripbytecount Field Handling Weakness Crafted TIFF File DoS |
65971 | LibTIFF tif_strip.c TIFFVStripSize Function Downsampled OJPEG Input DoS |
65969 | LibTIFF TIFFYCbCrtoRGB Function Downsampled OJPEG Input ReferenceBlackWhite V... |
65968 | LibTIFF tif_getimage.c Downsampled OJPEG Input Vertical Flip DoS |
65795 | LibTIFF OJPEG File Handling Unspecified DoS |
65754 | LibTIFF TIFFroundup Macro TIFF File Handling Overflow |
65676 | LibTIFF tif_dirread.c TIFFFetchSubjectDistance Function SubjectDistance Field... |
65296 | Apple Safari ImageIO TIFF File Handling Multiple Overflows |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libtiff-devel-100715.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0520.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0519.nasl - Type : ACT_GATHER_INFO |
2012-09-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2552.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-02.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100708_libtiff_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-08-11 | Name : The remote Windows host has an application that is affected by multiple vulne... File : blackberry_es_png_kb27244.nasl - Type : ACT_GATHER_INFO |
2011-03-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1085-2.nasl - Type : ACT_GATHER_INFO |
2011-03-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-043.nasl - Type : ACT_GATHER_INFO |
2011-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1085-1.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtiff-7052.nasl - Type : ACT_GATHER_INFO |
2010-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0520.nasl - Type : ACT_GATHER_INFO |
2010-08-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-145.nasl - Type : ACT_GATHER_INFO |
2010-08-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-146.nasl - Type : ACT_GATHER_INFO |
2010-08-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2084.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0520.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0519.nasl - Type : ACT_GATHER_INFO |
2010-07-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0519.nasl - Type : ACT_GATHER_INFO |
2010-07-07 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10460.nasl - Type : ACT_GATHER_INFO |
2010-07-07 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10469.nasl - Type : ACT_GATHER_INFO |
2010-07-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10333.nasl - Type : ACT_GATHER_INFO |
2010-07-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10334.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-180-02.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10359.nasl - Type : ACT_GATHER_INFO |
2010-06-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-954-1.nasl - Type : ACT_GATHER_INFO |
2010-06-17 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_9_2_banner.nasl - Type : ACT_GATHER_INFO |
2010-06-17 | Name : The remote host contains an application that is affected by multiple vulnerab... File : itunes_9_2.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2010-004.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_4.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12618.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libtiff-devel-100525.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libtiff-devel-100524.nasl - Type : ACT_GATHER_INFO |
2010-06-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libtiff-devel-100525.nasl - Type : ACT_GATHER_INFO |
2010-06-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_313da7dc763b11dfbcce0018f3e2eb82.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:41:37 |
|