You are here

CVE-2010-2482

Vincent (CVE) Danen's picture
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.

Details Source

Mitre

Statement

Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.

Public Date

2010-06-15 00:00:00

Impact

Low

Bugzilla

CVE-2010-2443 CVE-2010-2482 libtiff: OJPEGReadBufferFill NULL deref crash

Bugzilla ID

608 010

CVSS Status

draft

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P