Launchpad.net

CVE 2010-2597

The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.

Related bugs and status

CVE-2010-2597 (Candidate) is related to these bugs:

Bug #591605: eog crashed with SIGSEGV in TIFFRGBAImageGet()

		In	Importance	Status
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu Lucid)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu Maverick)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	LibTIFF	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Debian)	Unknown	Fix Released

Bug #593067: eog crashed with SIGSEGV in __memset_sse2()

Summary				In	Importance	Status
	593067	eog crashed with SIGSEGV in __memset_sse2()		tiff (Ubuntu)	Medium	Fix Released

Bug #597246: eog crashed with SIGSEGV in TIFFVGetField()

Summary				In	Importance	Status
	597246	eog crashed with SIGSEGV in TIFFVGetField()		tiff (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugzilla.maptoo...
CONFIRM: https://bugs.launchpad...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://bugzilla.redha...
SECUNIA: 40422
REDHAT: RHSA-2010:0519
SECUNIA: 40527
VUPEN: ADV-2010-1761
DEBIAN: DSA-2552
GENTOO: GLSA-201209-02
SECUNIA: 50726