Bug 608010 (CVE-2010-2443, CVE-2010-2482) - CVE-2010-2443 CVE-2010-2482 libtiff: OJPEGReadBufferFill NULL deref crash
Summary: CVE-2010-2443 CVE-2010-2482 libtiff: OJPEGReadBufferFill NULL deref crash
Alias: CVE-2010-2443, CVE-2010-2482
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=low,source=cert,reported=20100...
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2010-06-25 12:04 UTC by Tomas Hoger
Modified: 2019-06-08 13:02 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2010-06-25 12:09:03 UTC

Attachments (Terms of Use)

Description Tomas Hoger 2010-06-25 12:04:14 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2443 to the following vulnerability:

Unspecified vulnerability in LibTIFF before 3.9.3 allows remote
attackers to cause a denial of service (application crash) via an
OJPEG image with undefined strip offsets.


Comment 1 Tomas Hoger 2010-06-25 12:09:03 UTC
This CVE refers to following entry in the upstream changelog:

  OJPEG: Report an error and avoid a crash if the input file is so broken
  that the strip offsets are not defined.

This problem is already tracked as bug #603024.  We are not handling this as security flaw, this NULL pointer dereference flaw with impact limited to application crash.


Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.

Comment 2 Tomas Hoger 2010-07-01 08:27:13 UTC
CVE-2010-2482 was assigned to the related td_stripbytecount NULL deref issue.  Comment #1 apply to that issue as well.  Issue is not yet fixed upstream in 3.9.4.


Comment 3 Tomas Hoger 2010-07-06 19:39:39 UTC
These issues are addressed in libtiff-3.9.4-1 packages.

Note You need to log in before you can comment on or make changes to this bug.