| Name | CVE-2010-2596 |
| Description | The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-610-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| tiff (PTS) | bullseye (security), bullseye | 4.2.0-1+deb11u5 | fixed |
| bookworm, bookworm (security) | 4.5.0-6+deb12u1 | fixed |
| sid, trixie | 4.5.1+git230720-5 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| tiff | source | (unstable) | 4.0.6-1 | unimportant | | |
| tiff3 | source | wheezy | 3.9.6-11+deb7u1 | | DLA-610-1 | |
| tiff3 | source | (unstable) | (unfixed) | unimportant | | |
Notes
fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2209
according to upstream http://bugzilla.maptools.org/show_bug.cgi?id=2209#c6
unreproducible in VCS. Confirmed for version 4.0.6 in Stretch by verifying
that the reproducer does not trigger the crash anymore.
Tom Lane's patch should be applied for tiff in Wheezy too.
Not confirmed which exact version should fix the issue.