Bug 608010 (CVE-2010-2443, CVE-2010-2482)

Summary: CVE-2010-2443 CVE-2010-2482 libtiff: OJPEGReadBufferFill NULL deref crash
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: tgl
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-06-25 12:09:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Tomas Hoger 2010-06-25 12:04:14 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2443 to the following vulnerability:

Unspecified vulnerability in LibTIFF before 3.9.3 allows remote
attackers to cause a denial of service (application crash) via an
OJPEG image with undefined strip offsets.


Comment 1 Tomas Hoger 2010-06-25 12:09:03 UTC
This CVE refers to following entry in the upstream changelog:

  OJPEG: Report an error and avoid a crash if the input file is so broken
  that the strip offsets are not defined.

This problem is already tracked as bug #603024.  We are not handling this as security flaw, this NULL pointer dereference flaw with impact limited to application crash.


Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.

Comment 2 Tomas Hoger 2010-07-01 08:27:13 UTC
CVE-2010-2482 was assigned to the related td_stripbytecount NULL deref issue.  Comment #1 apply to that issue as well.  Issue is not yet fixed upstream in 3.9.4.


Comment 3 Tomas Hoger 2010-07-06 19:39:39 UTC
These issues are addressed in libtiff-3.9.4-1 packages.