PublicDateAtUSN: 2010-06-13
Candidate: CVE-2010-1411
PublicDate: 2010-06-17 16:30:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411
 https://ubuntu.com/security/notices/USN-954-1
Description:
 Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in
 the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac
 OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to
 execute arbitrary code or cause a denial of service (application crash) via
 a crafted TIFF file that triggers a heap-based buffer overflow.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: Kevin Finisterre
Assigned-to: kees
CVSS: 

Patches_tiff:
upstream_tiff: released (3.9.3)
dapper_tiff: released (3.7.4-1ubuntu3.8)
hardy_tiff: released (3.8.2-7ubuntu3.6)
jaunty_tiff: released (3.8.2-11ubuntu0.9.04.6)
karmic_tiff: released (3.8.2-13ubuntu0.3)
lucid_tiff: released (3.9.2-2ubuntu0.3)
devel_tiff: released (3.9.2-3ubuntu1)