CVE-2010-1411 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2010-1411

CVE-2010-1411

June 17, 2010

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

Related Resources (33)

http://secunia.com/advisories/50726

http://www.securityfocus.com/bid/40823

http://support.apple.com/kb/HT4196

http://marc.info/?l=oss-security&m=127731610612908&w=2

http://support.apple.com/kb/HT4188

http://secunia.com/advisories/40220

http://www.vupen.com/english/advisories/2010/1761

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://www.remotesensing.org/libtiff/v3.9.3.html

http://secunia.com/advisories/40196

http://www.ubuntu.com/usn/USN-954-1

http://www.vupen.com/english/advisories/2010/1731

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

https://access.redhat.com/security/cve/CVE-2010-1411

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html

http://secunia.com/advisories/40527

http://www.vupen.com/english/advisories/2010/1638

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://www.vupen.com/english/advisories/2010/1435

http://secunia.com/advisories/40381

http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

http://secunia.com/advisories/40181

http://secunia.com/advisories/40478

https://bugzilla.redhat.com/show_bug.cgi?id=592361

http://www.redhat.com/support/errata/RHSA-2010-0520.html

http://www.vupen.com/english/advisories/2010/1481

http://www.redhat.com/support/errata/RHSA-2010-0519.html

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html

http://securitytracker.com/id?1024103

http://support.apple.com/kb/HT4220

http://www.vupen.com/english/advisories/2010/1512

http://secunia.com/advisories/40536

Do you need more information?

CVSS v4

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

CVSS v2

Base Score:

6.8

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

EPSS

Base Score:

0.74