CVE-2010-2482

Publication date 6 July 2010

Last updated 24 July 2024

LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tiff	10.10 maverick	Fixed 3.9.4-2ubuntu0.1
	10.04 LTS lucid	Fixed 3.9.2-2ubuntu0.4
	9.10 karmic	Not affected
	9.04 jaunty	Ignored
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

does not reproduce on karmic and older, and code is different

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1085-1
tiff vulnerabilities
7 March 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2010-2482