CVE-2010-4665

libtiff < 3.9.5 - Integer Overflow in ReadDirectory Function

Title source: llm
STIX 2.1

Description

Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.

References (12)

Core 12
Core References
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/12/10
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44271
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2552
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201209-02.xml
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1416-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47338
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50726

Scores

EPSS 0.0231
EPSS Percentile 85.0%

Details

CWE
CWE-189
Status published
Products (25)
libtiff/libtiff 3.4 (11 CPE variants)
libtiff/libtiff 3.5.1
libtiff/libtiff 3.5.2
libtiff/libtiff 3.5.3
libtiff/libtiff 3.5.4
libtiff/libtiff 3.5.5
libtiff/libtiff 3.5.6 (2 CPE variants)
libtiff/libtiff 3.5.7 (6 CPE variants)
libtiff/libtiff 3.6.0 (3 CPE variants)
libtiff/libtiff 3.6.1
... and 15 more
Published May 03, 2011
Tracked Since Feb 18, 2026