CVE-2010-2595

Publication date 2 July 2010

Last updated 24 July 2024


Ubuntu priority

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."

Status

Package Ubuntu Release Status
tiff 10.10 maverick
Fixed 3.9.4-2ubuntu0.1
10.04 LTS lucid
Fixed 3.9.2-2ubuntu0.4
9.10 karmic
Fixed 3.8.2-13ubuntu0.4
9.04 jaunty Ignored end of life
8.04 LTS hardy
Fixed 3.8.2-7ubuntu3.7
6.06 LTS dapper
Fixed 3.7.4-1ubuntu3.9

References

Related Ubuntu Security Notices (USN)

Other references