Launchpad.net

CVE 2010-2598

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

Related bugs and status

CVE-2010-2598 (Candidate) is related to these bugs:

Bug #591605: eog crashed with SIGSEGV in TIFFRGBAImageGet()

		In	Importance	Status
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu Lucid)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Ubuntu Maverick)	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	LibTIFF	Medium	Fix Released
591605	eog crashed with SIGSEGV in TIFFRGBAImageGet()	tiff (Debian)	Unknown	Fix Released

Bug #593067: eog crashed with SIGSEGV in __memset_sse2()

Summary				In	Importance	Status
	593067	eog crashed with SIGSEGV in __memset_sse2()		tiff (Ubuntu)	Medium	Fix Released

Bug #597246: eog crashed with SIGSEGV in TIFFVGetField()

Summary				In	Importance	Status
	597246	eog crashed with SIGSEGV in TIFFVGetField()		tiff (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2010:0520
VUPEN: ADV-2010-1761
SECUNIA: 40536