CVE-2010-3087

Publication date 28 September 2010

Last updated 24 July 2024

Ubuntu priority

LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
tiff	10.10 maverick	Fixed 3.9.4-2ubuntu0.1
	10.04 LTS lucid	Fixed 3.9.2-2ubuntu0.4
	9.10 karmic	Not affected
	9.04 jaunty	Ignored end of life
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

this is patch libtiff-scanlinesize.patch in natty upstream bug says 3.8.x is not affected, and I couldn’t reproduce on karmic and earlier.

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1085-1
tiff vulnerabilities
7 March 2011

Other references

http://support.novell.com/security/cve/CVE-2010-3087.html
https://www.cve.org/CVERecord?id=CVE-2010-3087