CVE-2010-2596

NameCVE-2010-2596
DescriptionThe OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-610-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tiff (PTS)jessie, jessie (lts)4.0.3-12.3+deb8u17vulnerable
stretch (security)4.0.8-2+deb9u8fixed
stretch (lts), stretch4.0.8-2+deb9u12fixed
buster (security), buster, buster (lts)4.1.0+git191117-2~deb10u9fixed
bullseye (security), bullseye4.2.0-1+deb11u5fixed
bookworm (security), bookworm4.5.0-6+deb12u1fixed
sid, trixie4.5.1+git230720-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tiffsource(unstable)4.0.6-1unimportant
tiff3sourcewheezy3.9.6-11+deb7u1DLA-610-1
tiff3source(unstable)(unfixed)unimportant

Notes

fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2209
according to upstream http://bugzilla.maptools.org/show_bug.cgi?id=2209#c6
unreproducible in VCS. Confirmed for version 4.0.6 in Stretch by verifying
that the reproducer does not trigger the crash anymore.
Tom Lane's patch should be applied for tiff in Wheezy too.
Not confirmed which exact version should fix the issue.

Search for package or bug name: Reporting problems