CVE-2010-2597

Priority
Description
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes
incorrect calls to the TIFFGetField function, which allows remote attackers
to cause a denial of service (application crash) via a crafted TIFF image,
related to "downsampled OJPEG input" and possibly related to a compiler
optimization that triggers a divide-by-zero error.
Notes
Package
Source: tiff (LP Ubuntu Debian)
Upstream:needs-triage
Patches:
Upstream:r1.19.2.3
More Information

Updated: 2020-03-18 22:03:32 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)