Launchpad.net

CVE 2010-1411

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

Related bugs and status

CVE-2010-1411 (Candidate) is related to these bugs:

Bug #898825: freeimage: multiple vulnerabilities in embedded code copies

Summary				In	Importance	Status
	898825	freeimage: multiple vulnerabilities in embedded code copies		freeimage (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2010-06-15-1
SECTRACK: 1024103
SECUNIA: 40220
VUPEN: ADV-2010-1481
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2010-06-16-1
VUPEN: ADV-2010-1512
SECUNIA: 40196
CONFIRM: http://support.apple.c...
CONFIRM: http://www.remotesensi...
CONFIRM: https://bugzilla.redha...
UBUNTU: USN-954-1
SECUNIA: 40181
VUPEN: ADV-2010-1435
BID: 40823
FEDORA: FEDORA-2010-10460
FEDORA: FEDORA-2010-10469
REDHAT: RHSA-2010:0519
REDHAT: RHSA-2010:0520
SECUNIA: 40478
SECUNIA: 40527
VUPEN: ADV-2010-1731
VUPEN: ADV-2010-1761
SECUNIA: 40536
SUSE: SUSE-SR:2010:014
SECUNIA: 40381
VUPEN: ADV-2010-1638
GENTOO: GLSA-201209-02
SECUNIA: 50726
MLIST: [oss-security] 2010062...
SLACKWARE: SSA:2010-180-02