CVE-2010-4665

Name of the Vulnerable Software and Affected Versions LibTIFF versions prior to 3.9.5 tiff package versions prior to 4.0.2-r1

Description The issue is related to an integer overflow in the ReadDirectory function in tiffdump.c in tiffdump, which can be triggered by a crafted TIFF file containing a directory data structure with many directory entries. This can cause a denial of service, such as an application crash, or possibly have other unspecified impacts. Additionally, there are multiple vulnerabilities in the tiff package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely.

Recommendations For LibTIFF versions prior to 3.9.5, update to version 3.9.5 or later to resolve the issue. For tiff package versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ReadDirectory function in tiffdump.c until a patch is available.