CVE-2010-2481

Publication date 6 July 2010

Last updated 24 July 2024

The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tiff	10.10 maverick	Not affected
	10.04 LTS lucid	Fixed 3.9.2-2ubuntu0.3
	9.10 karmic	Fixed 3.8.2-13ubuntu0.3
	9.04 jaunty	Ignored
	8.04 LTS hardy	Fixed 3.8.2-7ubuntu3.6
	6.06 LTS dapper	Fixed 3.7.4-1ubuntu3.8

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

see CVE-2010-2630 for second commit to fix regression in lucid, this is the fix-unknown-tags.patch patch

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2010-2481