CVE-2010-2596
Publication date 2 July 2010
Last updated 24 July 2024
Ubuntu priority
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."
Status
Package | Ubuntu Release | Status |
---|---|---|
tiff | 16.04 LTS xenial | Not affected |
tiff | 14.04 LTS trusty | Not affected |
Notes
mdeslaur
RedHat claims this is fixed by RHSA-2014-0222, no specific patch though, so one of the patches for other CVEs must have fixed it at the same time.
cannot reproduce on quantal+
also check for missing parts of CVE-2014-8127 and CVE-2014-8128
this will not be fixed in precise/esm