Upstream information
Description
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 6.8 |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
- SUSE-SR:2010:014, published Mon, 02 Aug 2010 15:00:00 +0000
- openSUSE-SU-2010:0387-1, published Fri, 16 Jul 2010 15:08:09 +0200 (CEST)
- openSUSE-SU-2010:0420-1, published Thu, 22 Jul 2010 19:08:18 +0200 (CEST)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 12 SP1 |
| |
SUSE Linux Enterprise Desktop 12 SP2 |
| |
SUSE Linux Enterprise Desktop 12 SP3 |
| |
SUSE Linux Enterprise Desktop 12 SP4 |
| |
SUSE Linux Enterprise Desktop 12 |
| |
SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 |
| |
SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP2 |
| |
SUSE Linux Enterprise Module for Basesystem 15 |
| |
SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 |
| |
SUSE Linux Enterprise Module for Desktop Applications 15 |
| |
SUSE Linux Enterprise Server 12 SP1 |
| |
SUSE Linux Enterprise Server 12 SP2 |
| |
SUSE Linux Enterprise Server 12 SP3 |
| |
SUSE Linux Enterprise Server 12 SP4 |
| |
SUSE Linux Enterprise Server 12 |
| |
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 |
| |
SUSE Linux Enterprise Software Development Kit 12 SP1 |
| |
SUSE Linux Enterprise Software Development Kit 12 SP2 |
| |
SUSE Linux Enterprise Software Development Kit 12 SP3 |
| |
SUSE Linux Enterprise Software Development Kit 12 SP4 |
| |
SUSE Linux Enterprise Software Development Kit 12 SP5 |
| |
SUSE Linux Enterprise Software Development Kit 12 |
| |
openSUSE Leap 15.0 |
| Patchnames: openSUSE Leap 15.0 GA libtiff5 |
openSUSE Leap 42.1 |
| Patchnames: openSUSE Leap 42.1 GA libtiff-devel |
openSUSE Leap 42.2 |
| Patchnames: openSUSE Leap 42.2 GA libtiff-devel |
openSUSE Leap 42.3 |
| Patchnames: openSUSE Leap 42.3 GA libtiff-devel |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA libtiff-devel-32bit |