1
PublicDateAtUSN: 2010-06-16
2
Candidate: CVE-2010-2067
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067
6
https://usn.ubuntu.com/usn/usn-954-1
8
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in
9
tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a
10
denial of service (application crash) or possibly execute arbitrary code
11
via a long EXIF SubjectDistance field in a TIFF file.
14
kees> only 3.9.x is vulnerable
17
Discovered-by: Dan Rosenberg
21
upstream_tiff: released (3.9.3)
22
dapper_tiff: not-affected
23
hardy_tiff: not-affected
24
jaunty_tiff: not-affected
25
karmic_tiff: not-affected
26
lucid_tiff: released (3.9.2-2ubuntu0.3)
27
devel_tiff: released (3.9.2-3ubuntu1)