CVE-2010-2595 Information

Feb 14, 2021 cve

Description

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2 as used in ImageMagick does not properly handle invalid ReferenceBlackWhite values which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error related to \downsampled OJPEG input.\

Reference

http://blackberry.com/btsc/KB27244 http://bugzilla.maptools.org/show_bug.cgi?id=2208 http://marc.info/?l=oss-security&m=127731610612908&w=2 http://secunia.com/advisories/40422 http://secunia.com/advisories/40527 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.debian.org/security/2012/dsa-2552 http://www.redhat.com/support/errata/RHSA-2010-0519.html http://www.vupen.com/english/advisories/2010/1761 https://bugzilla.redhat.com/show_bug.cgi?id=583081

Share on: