PT-2010-5608 · Sam Leffler+1 · Libtiff-Tools+9
Published: 1970-01-01 · Updated: 2013-05-15 · CVE-2010-1411
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libtiff-devel-3.5.7
tiff versions prior to 4.0.2-r1
libtiff4 (affected versions not specified)
libtiff4-dev (affected versions not specified)
libtiff-opengl (affected versions not specified)
libtiff-doc (affected versions not specified)
libtiffxx0c2 (affected versions not specified)
libtiff-tools (affected versions not specified)
Description
The libtiff package contains multiple vulnerabilities that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF allow remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF file.
Recommendations
For libtiff-devel-3.5.7, update to a version that contains a fix for this issue.
For tiff versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later.
For libtiff4, libtiff4-dev, libtiff-opengl, libtiff-doc, libtiffxx0c2, and libtiff-tools, there is currently no information about a newer version that contains a fix for this vulnerability.
DoS
RCE
Affected Products
Red Hat
Libtiff
Libtiff-Devel
Libtiff-Doc
Libtiff-Opengl
Libtiff-Tools
Libtiff4
Libtiff4-Dev
Libtiffxx0C2
Tiff