CVE-2010-2065

EPSS 5.58%
Published 24.06.2010 12:30:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.

Affected products Warnungen 0 Metrics 2 CWE 0 References 18

Data is provided by the National Vulnerability Database (NVD)

Libtiff ≫ Libtiff Version <= 3.9.2

Libtiff ≫ Libtiff Version3.4

Libtiff ≫ Libtiff Version3.4 Updatebeta18

Libtiff ≫ Libtiff Version3.4 Updatebeta24

Libtiff ≫ Libtiff Version3.4 Updatebeta28

Libtiff ≫ Libtiff Version3.4 Updatebeta29

Libtiff ≫ Libtiff Version3.4 Updatebeta31

Libtiff ≫ Libtiff Version3.4 Updatebeta32

Libtiff ≫ Libtiff Version3.4 Updatebeta34

Libtiff ≫ Libtiff Version3.4 Updatebeta35

Libtiff ≫ Libtiff Version3.4 Updatebeta36

Libtiff ≫ Libtiff Version3.4 Updatebeta37

Libtiff ≫ Libtiff Version3.5.1

Libtiff ≫ Libtiff Version3.5.2

Libtiff ≫ Libtiff Version3.5.3

Libtiff ≫ Libtiff Version3.5.4

Libtiff ≫ Libtiff Version3.5.5

Libtiff ≫ Libtiff Version3.5.6

Libtiff ≫ Libtiff Version3.5.6 Updatebeta

Libtiff ≫ Libtiff Version3.5.7

Libtiff ≫ Libtiff Version3.5.7 Updatealpha

Libtiff ≫ Libtiff Version3.5.7 Updatealpha2

Libtiff ≫ Libtiff Version3.5.7 Updatealpha3

Libtiff ≫ Libtiff Version3.5.7 Updatealpha4

Libtiff ≫ Libtiff Version3.5.7 Updatebeta

Libtiff ≫ Libtiff Version3.6.0

Libtiff ≫ Libtiff Version3.6.0 Updatebeta

Libtiff ≫ Libtiff Version3.6.0 Updatebeta2

Libtiff ≫ Libtiff Version3.6.1

Libtiff ≫ Libtiff Version3.7.0

Libtiff ≫ Libtiff Version3.7.0 Updatealpha

Libtiff ≫ Libtiff Version3.7.0 Updatebeta

Libtiff ≫ Libtiff Version3.7.0 Updatebeta2

Libtiff ≫ Libtiff Version3.7.1

Libtiff ≫ Libtiff Version3.7.2

Libtiff ≫ Libtiff Version3.7.3

Libtiff ≫ Libtiff Version3.7.4

Libtiff ≫ Libtiff Version3.8.0

Libtiff ≫ Libtiff Version3.8.1

Libtiff ≫ Libtiff Version3.8.2

Libtiff ≫ Libtiff Version3.9

Libtiff ≫ Libtiff Version3.9.0

Libtiff ≫ Libtiff Version3.9.0 Updatebeta

Libtiff ≫ Libtiff Version3.9.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.58%	0.899

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/50726

http://security.gentoo.org/glsa/glsa-201209-02.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2011:043

http://www.vupen.com/english/advisories/2011/0621

http://marc.info/?l=oss-security&m=127731610612908&w=2

http://secunia.com/advisories/40181

Vendor Advisory

http://secunia.com/advisories/40381

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424

http://www.remotesensing.org/libtiff/v3.9.3.html

http://www.ubuntu.com/usn/USN-954-1

http://www.vupen.com/english/advisories/2010/1638

http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010

http://www.vupen.com/english/advisories/2011/0204

https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565

https://bugzilla.redhat.com/show_bug.cgi?id=601274

https://nvd.nist.gov/vuln/detail/CVE-2010-2065

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2065

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2065

EUVD