CVE-2010-2233

Published: 2 July 2010

tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."

Priority

Status

Package	Release	Status
tiff Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	hardy	Not vulnerable
	jaunty	Not vulnerable
	karmic	Not vulnerable
	lucid	Released (3.9.2-2ubuntu0.3)
	upstream	Released (3.9.3)

References

https://ubuntu.com/security/notices/USN-954-1
https://www.cve.org/CVERecord?id=CVE-2010-2233
NVD
Launchpad
Debian

Bugs

http://bugzilla.maptools.org/show_bug.cgi?id=2207

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›