CVE-2010-1411

Publication date 13 June 2010

Last updated 24 July 2024

Ubuntu priority

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
tiff	10.04 LTS lucid	Fixed 3.9.2-2ubuntu0.3
	9.10 karmic	Fixed 3.8.2-13ubuntu0.3
	9.04 jaunty	Fixed 3.8.2-11ubuntu0.9.04.6
	8.04 LTS hardy	Fixed 3.8.2-7ubuntu3.6
	6.06 LTS dapper	Fixed 3.7.4-1ubuntu3.8

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-954-1
tiff vulnerabilities
21 June 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2010-1411