CVE-2010-2596

Name: CVE-2010-2596
Description: The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-610-1
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

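| Source Package | Release | Version | Status |
|---|---|---|---|
| tiff (PTS) | wheezy | 4.0.2-6+deb7u5 | vulnerable |
| tiff (PTS) | wheezy (security) | 4.0.2-6+deb7u16 | vulnerable |
| tiff (PTS) | jessie (security), jessie | 4.0.3-12.3+deb8u4 | vulnerable |
| tiff (PTS) | stretch (security), stretch | 4.0.8-2+deb9u1 | fixed |
| tiff (PTS) | buster, sid | 4.0.8-5 | fixed |
| tiff3 (PTS) | wheezy | 3.9.6-11 | vulnerable |
| tiff3 (PTS) | wheezy (security) | 3.9.6-11+deb7u8 | fixed |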

The information below is based on the following data on fixed versions.

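| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| tiff | source | (unstable) | 4.0.6-1 | unimportant | | |
| tiff3 | source | (unstable) | (unfixed) | unimportant | | |
| tiff3 | source | wheezy | 3.9.6-11+deb7u1 | medium | DLA-610-1 | |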

Notes

fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2209
according to upstream http://bugzilla.maptools.org/show_bug.cgi?id=2209#c6
unreproducible in VCS. Confirmed for version 4.0.6 in Stretch by verifying
that the reproducer does not trigger the crash anymore.
Tom Lane's patch should be applied for tiff in Wheezy too.
Not confirmed which exact version should fix the issue.
