CVE-2010-2597

Sažetak

The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.

Reference

http://bugzilla.maptools.org/show_bug.cgi?id=2215
http://secunia.com/advisories/40422
http://secunia.com/advisories/40527
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://www.debian.org/security/2012/dsa-2552
http://www.redhat.com/support/errata/RHSA-2010-0519.html
http://www.vupen.com/english/advisories/2010/1761
https://bugs.launchpad.net/bugs/593067
https://bugzilla.redhat.com/show_bug.cgi?id=583081
https://bugzilla.redhat.com/show_bug.cgi?id=603703

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

15-05-2013 - 03:10

Objavljeno

02-07-2010 - 12:43