CVE-2010-3087

Publication date 28 September 2010

Last updated 24 July 2024

Ubuntu priority

LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tiff	10.10 maverick	Fixed 3.9.4-2ubuntu0.1
	10.04 LTS lucid	Fixed 3.9.2-2ubuntu0.4
	9.10 karmic	Not affected
	9.04 jaunty	Ignored
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

this is patch libtiff-scanlinesize.patch in natty upstream bug says 3.8.x is not affected, and I couldn't reproduce on karmic and earlier.

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1085-1
tiff vulnerabilities
7 March 2011

Other references

http://support.novell.com/security/cve/CVE-2010-3087.html
https://www.cve.org/CVERecord?id=CVE-2010-3087