Candidate: CVE-2010-2481
PublicDate: 2010-07-06 17:17:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2481
Description:
 The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle
 unknown tag types in TIFF directory entries, which allows remote attackers
 to cause a denial of service (out-of-bounds read and application crash) via
 a crafted TIFF file.
Ubuntu-Description:
Notes:
 mdeslaur> see CVE-2010-2630 for second commit to fix regression
 mdeslaur> in lucid, this is the fix-unknown-tags.patch patch
Bugs:
 http://bugzilla.maptools.org/show_bug.cgi?id=2210
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2481
Priority: low
Discovered-by: Dan Rosenberg
Assigned-to:
CVSS:

Patches_tiff:
 upstream: r1.92.2.9
upstream_tiff: released (3.9.4)
dapper_tiff: released (3.7.4-1ubuntu3.8)
hardy_tiff: released (3.8.2-7ubuntu3.6)
jaunty_tiff: ignored (reached end-of-life)
karmic_tiff: released (3.8.2-13ubuntu0.3)
lucid_tiff: released (3.9.2-2ubuntu0.3)
maverick_tiff: not-affected (3.9.4-1)
devel_tiff: not-affected (3.9.4-1)