Red Hat Bugzilla – Bug 611886
CVE-2010-2630 libtiff: crash on out-of-order codec-specific tags
Last modified: 2015-07-31 08:04:57 EDT
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly
validate the data types of codec-specific tags that have an
out-of-order position in a TIFF file, which allows remote attackers to
cause a denial of service (application crash) via a crafted file, a
different vulnerability than CVE-2010-2481.
This particular symptom of unknown / out-of-order tag handling issues did not affect current libtiff packages in Red Hat Enterprise Linux 3, 4 and 5 due to a previously applied patch (libtiff-*-ormandy.patch). Future libtiff updates will improve that patch to use the approach from the patch submitted in the upstream bug report #2210. The fix is already included in Fedora 3.9.4-1 packages.
Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
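
A pre-parse triage check for the condition named in the description above, added here as an example and not taken from libtiff, the upstream patch, or the Red Hat patch: it walks the first IFD of a classic TIFF and reports entries whose tag number breaks the ascending order that TIFF 6.0 requires, or whose field type is outside the TIFF 6.0 set. The function names and the sample bytes are constructed for illustration, and the check does not verify the expected type of any individual tag.

```python
import struct

TIFF6_TYPES = range(1, 13)  # TIFF 6.0 field types: 1=BYTE ... 12=DOUBLE

def audit_first_ifd(data):
    """Return [(entry_index, tag, problem)] for the first IFD of a classic TIFF."""
    if len(data) < 8:
        raise ValueError("too short for a TIFF header")
    order = {b"II": "<", b"MM": ">"}.get(bytes(data[:2]))
    if order is None:
        raise ValueError("bad byte-order mark")
    magic, ifd_off = struct.unpack_from(order + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF")
    if ifd_off + 2 > len(data):
        raise ValueError("IFD offset outside file")
    (count,) = struct.unpack_from(order + "H", data, ifd_off)
    if ifd_off + 2 + 12 * count > len(data):
        raise ValueError("IFD entries run past end of file")
    findings, prev = [], None
    for i in range(count):
        # Each entry is 12 bytes: tag, field type, value count, value/offset.
        tag, ftype, _n, _val = struct.unpack_from(
            order + "HHII", data, ifd_off + 2 + 12 * i)
        if prev is not None and tag < prev:
            findings.append((i, tag, "out of order after tag %d" % prev))
        elif tag == prev:
            findings.append((i, tag, "duplicate tag"))
        if ftype not in TIFF6_TYPES:
            findings.append((i, tag, "unknown field type %d" % ftype))
        prev = tag
    return findings

def build_tiff(entries):
    """Constructed sample: little-endian header plus one IFD, no image data."""
    ifd = struct.pack("<H", len(entries))
    for tag, ftype, count, value in entries:
        ifd += struct.pack("<HHII", tag, ftype, count, value)
    # Header (8 bytes) + IFD + next-IFD offset of 0 (no further directories).
    return b"II" + struct.pack("<HI", 42, 8) + ifd + struct.pack("<I", 0)

if __name__ == "__main__":
    # Constructed input: ImageLength (257) placed before ImageWidth (256).
    swapped = build_tiff([(257, 3, 1, 16), (256, 3, 1, 16)])
    for finding in audit_first_ifd(swapped):
        print(finding)
```
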