CVE-2010-1411

Mac OS X 10.5.8 and 10.6 < 10.6.4 - Remote Code Execution via Crafted TIFF File

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1411. PoCs published by MAVProxyUser.

AI-analyzed exploit summary This repository contains a functional fuzzer written in Ruby that targets CVE-2010-1411 by generating malformed HTTP requests with fuzzed image data. The tool is based on the 'Babysitting an Army of Monkeys' fuzzing paper and is designed to trigger vulnerabilities in HTTP servers or clients processing image files.

Description

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

Exploits (1)

nomisec WORKING POC

by MAVProxyUser · poc

https://github.com/MAVProxyUser/httpfuzz-robomiller

View Code ZIP pw:eip

This repository contains a functional fuzzer written in Ruby that targets CVE-2010-1411 by generating malformed HTTP requests with fuzzed image data. The tool is based on the 'Babysitting an Army of Monkeys' fuzzing paper and is designed to trigger vulnerabilities in HTTP servers or clients processing image files.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Theoretical

Target: HTTP servers/clients processing image files (specific software not explicitly mentioned)

No auth needed

Prerequisites: Ruby environment · Target HTTP server/client processing image files

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (32)

Core 32

Core References

Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4220

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html

Various Sources x_refsource_confirm

http://www.remotesensing.org/libtiff/v3.9.3.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40181

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1481

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1731

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40527

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40823

Mailing List mailing-list x_refsource_mlist

http://marc.info/?l=oss-security&m=127731610612908&w=2

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1435

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1638

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1024103

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40196

Vendor Advisory vendor-advisory x_refsource_slackware

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-954-1

Patch, Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4188

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1761

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40220

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201209-02.xml

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2010-0520.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40536

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1512

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2010-0519.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=592361

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40478

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4196

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40381

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50726

Scores

EPSS 0.0075

EPSS Percentile 73.2%

Details

CWE

CWE-189

Status published

Products (10)

apple/mac_os_x 10.5.8

apple/mac_os_x 10.6.0

apple/mac_os_x 10.6.1

apple/mac_os_x 10.6.2

apple/mac_os_x 10.6.3

apple/mac_os_x_server 10.5.8

apple/mac_os_x_server 10.6.0

apple/mac_os_x_server 10.6.1

apple/mac_os_x_server 10.6.2

apple/mac_os_x_server 10.6.3

Published Jun 17, 2010

Tracked Since Feb 18, 2026