Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3087 to the following vulnerability: Name: CVE-2010-3087 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3087 Assigned: 20100820 Reference: CONFIRM: http://support.novell.com/security/cve/CVE-2010-3087.html Reference: CONFIRM: https://bugzilla.novell.com/show_bug.cgi?id=624215 Reference: SUSE:SUSE-SR:2010:017 Reference: URL: http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. The upstream bug report is here: http://bugzilla.maptools.org/show_bug.cgi?id=2228
I concur with Josh Bressers' comment in the upstream bug report that this is the same problem reported in upstream report 2140. Which may mean that there's already a CVE for it ... weren't there CVEs for all the issues we fixed back in January?
This is fixed in our RHEL6 and Fedora packages via the libtiff-scanlinesize.patch patch from upstream bug 2140.