Bug 610759 (CVE-2010-2596)

Summary: CVE-2010-2596 libtiff: assertion failure on downsampled OJPEG file
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: erik-fedora, hhorak, ploujj
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: public=20100416,reported=20100701,source=cve,impact=low,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,rhel-3/libtiff=notaffected,rhel-4/libtiff=notaffected,rhel-5/libtiff=notaffected,rhel-6/libtiff=affected,fedora-all/libtiff=affected,fedora-all/mingw32-libtiff=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-27 14:35:37 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 583081, 1063464, 1063465    
Bug Blocks: 994449    

Description Jan Lieskovsky 2010-07-02 07:56:11 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2596 to
the following vulnerability:

The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and
3.9.2, as used in tiff2ps, allows remote attackers to cause a denial
of service (assertion failure and application exit) via a crafted TIFF
image, related to "downsampled OJPEG input."

References:
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2596
  [2] http://bugzilla.maptools.org/show_bug.cgi?id=2209
  [3] https://bugzilla.redhat.com/show_bug.cgi?id=583081
Comment 1 Jan Lieskovsky 2010-07-02 07:58:21 EDT
This issue did NOT affect the versions of the libtiff package,
as shipped with Red Hat Enterprise Linux 3, 4, or 5.

--

This issue affects the versions of the libtiff package,
as shipped with Fedora releases of 12 and 13.

This issue affects the versions of the mingw32-libtiff package,
as shipped with Fedora releases of 12 and 13.
Comment 3 Tom Lane 2010-07-02 09:50:17 EDT
Note that we still are vulnerable to this in Fedora and RHEL6 --- I didn't try to fix this bug since it's not clear what the code should do instead.
Comment 7 errata-xmlrpc 2014-02-27 13:35:21 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0222 https://rhn.redhat.com/errata/RHSA-2014-0222.html
Comment 8 Vincent Danen 2014-02-27 14:35:37 EST
Statement:

Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.