Launchpad CVE tracker

CVE 2010-2482

LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.

Related bugs and status

CVE-2010-2482 (Candidate) is related to these bugs:

Bug #591605: eog crashed with SIGSEGV in TIFFRGBAImageGet()

		In	Importance	Status
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu Lucid)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu Maverick)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	LibTIFF	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Debian)	Unknown	Fix Released

Bug #593067: eog crashed with SIGSEGV in __memset_sse2()

Summary				In	Importance	Status
	593067	eog crashed with SIGSEGV in __memset_sse2()		tiff (Ubuntu)	Medium	Fix Released

Bug #597246: eog crashed with SIGSEGV in TIFFVGetField()

Summary				In	Importance	Status
	597246	eog crashed with SIGSEGV in TIFFVGetField()		tiff (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2482

References