PublicDateAtUSN: 2011-05-03
Candidate: CVE-2010-4665
PublicDate: 2011-05-03 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4665
 https://ubuntu.com/security/notices/USN-1416-1
Description:
 Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump
 in LibTIFF before 3.9.5 allows remote attackers to cause a denial of
 service (application crash) or possibly have unspecified other impact via
 a crafted TIFF file containing a directory data structure with many
 directory entries.
Ubuntu-Description:
Notes:
 mdeslaur> only affects tiffdump tool
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=695887
 http://bugzilla.maptools.org/show_bug.cgi?id=2218
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_tiff:
upstream_tiff: released (3.9.5)
dapper_tiff: ignored (reached end-of-life)
hardy_tiff: released (3.8.2-7ubuntu3.10)
lucid_tiff: released (3.9.2-2ubuntu0.8)
maverick_tiff: released (3.9.4-2ubuntu0.5)
natty_tiff: released (3.9.4-5ubuntu6.1)
oneiric_tiff: not-affected (3.9.5-1ubuntu1)
devel_tiff: not-affected (3.9.5-1ubuntu1)