CVE-2010-2067

Name of the Vulnerable Software and Affected Versions LibTIFF versions prior to 3.9.4 tiff package versions prior to 4.0.2-r1

Description The issue is related to a stack-based buffer overflow in the TIFFFetchSubjectDistance function, which can be triggered by a long EXIF SubjectDistance field in a TIFF file. This can cause a denial of service, resulting in an application crash, or possibly allow the execution of arbitrary code. The vulnerability can be exploited remotely and may lead to breaches of confidentiality, integrity, and availability of protected information.

Recommendations For LibTIFF versions prior to 3.9.4, update to version 3.9.4 or later to resolve the issue. For tiff package versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later to resolve the issue. As a temporary workaround, consider restricting the use of TIFF files from untrusted sources until a patch is available.