CVE-2010-2067: Buffer Overflow
First published: Thu Jun 03 2010(Updated: )
iDefense reported to us a libtiff flaw discovered by Dan Rosenberg. Quoting description from iDefense advisory draft: Remote exploitation of a stack buffer overflow vulnerability in version 3.9.2 of LibTIFF, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. ... This vulnerability is due to insufficient bounds checking when copying data into a stack allocated buffer. During the processing of a certain EXIF tag a fixed sized stack buffer is used as a destination location for a memory copy. This memory copy can cause the bounds of a stack buffer to be overflown and this condition may lead to arbitrary code execution.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libtiff Libtiff | <3.9.4 | |
| Canonical Ubuntu Linux | =6.06 | |
| Canonical Ubuntu Linux | =9.04 | |
| Canonical Ubuntu Linux | =8.04 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =9.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugzilla.maptools.org/show_bug.cgi?id=2212
- http://www.remotesensing.org/libtiff/v3.9.4.html
- https://bugzilla.redhat.com/show_bug.cgi?id=599576
- http://www.ubuntu.com/usn/USN-954-1
- http://osvdb.org/65676
- http://secunia.com/advisories/40241
- http://marc.info/?l=oss-security&m=127731610612908&w=2
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424
- http://www.vupen.com/english/advisories/2010/1638
- http://secunia.com/advisories/40381
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874
- http://secunia.com/advisories/50726
- http://security.gentoo.org/glsa/glsa-201209-02.xml
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=419396&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=419396&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=422072&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=422072&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=599576#c1
- http://www.ubuntu.com/usn/usn-954-1
- http://admin.fedoraproject.org/updates/libtiff-3.9.4-1.fc12
- http://admin.fedoraproject.org/updates/libtiff-3.9.4-1.fc13
- collector/nvd-historical
- collector/redhat-bugzilla
- alias/CVE-2010-2067
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/type
- agent/event
- agent/author
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/libtiff
- canonical/libtiff libtiff
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/6.06
- version/canonical ubuntu linux/9.04
- version/canonical ubuntu linux/8.04
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/9.10