~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2010-07-02
Candidate: CVE-2010-2595
PublicDate: 2010-07-02
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2595
 http://www.ubuntu.com/usn/usn-1085-1
Description:
 The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in
 ImageMagick, does not properly handle invalid ReferenceBlackWhite values,
 which allows remote attackers to cause a denial of service (application
 crash) via a crafted TIFF image that triggers an array index error, related
 to "downsampled OJPEG input."
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=583081
 http://bugzilla.maptools.org/show_bug.cgi?id=2208
Priority: low
Discovered-by: Nicolae Ghimbovschi
Assigned-to:

Patches_tiff:
 upstream: libtiff/tif_color.c r1.12.2.2
upstream_tiff: needs-triage
dapper_tiff: released (3.7.4-1ubuntu3.9)
hardy_tiff: released (3.8.2-7ubuntu3.7)
jaunty_tiff: ignored (reached end-of-life)
karmic_tiff: released (3.8.2-13ubuntu0.4)
lucid_tiff: released (3.9.2-2ubuntu0.4)
maverick_tiff: released (3.9.4-2ubuntu0.1)
devel_tiff: released (3.9.4-5ubuntu2)