Launchpad CVE tracker

CVE 2010-2595

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."

Related bugs and status

CVE-2010-2595 (Candidate) is related to these bugs:

Bug #591605: eog crashed with SIGSEGV in TIFFRGBAImageGet()

		In	Importance	Status
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu Lucid)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu Maverick)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	LibTIFF	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Debian)	Unknown	Fix Released

Bug #593067: eog crashed with SIGSEGV in __memset_sse2()

Summary				In	Importance	Status
	593067	eog crashed with SIGSEGV in __memset_sse2()		tiff (Ubuntu)	Medium	Fix Released

Bug #597246: eog crashed with SIGSEGV in TIFFVGetField()

Summary				In	Importance	Status
	597246	eog crashed with SIGSEGV in TIFFVGetField()		tiff (Ubuntu)	Undecided	Fix Released

Bug #898825: freeimage: multiple vulnerabilities in embedded code copies

Summary				In	Importance	Status
	898825	freeimage: multiple vulnerabilities in embedded code copies		freeimage (Ubuntu)	Undecided	Fix Released

Bug #898845: New upstream release: FreeImage 3.15.1

Summary				In	Importance	Status
	898845	New upstream release: FreeImage 3.15.1		freeimage (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2595

References