CVE-2010-2595

Published: 02 July 2010

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."

Priority

Low

Status

Package Release Status
tiff
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
upstream: libtiff/tif_color.c r1.12.2.2