CVE-2005-2452 Information

Description

libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero \YCbCr subsampling\ value which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c a different vulnerability than CVE-2004-0804.

Reference

http://secunia.com/advisories/16266 http://secunia.com/advisories/16486 http://www.mandriva.com/security/advisories?name=MDKSA-2005:142 http://www.mandriva.com/security/advisories?name=MDKSA-2005:143 http://www.mandriva.com/security/advisories?name=MDKSA-2005:144 http://www.securityfocus.com/bid/14417 https://bugzilla.ubuntu.com/show_bug.cgi?id=12008 https://usn.ubuntu.com/156-1/