Ware, Ryan R | 20 Jan 2011 19:30

[MeeGo-SA-10:34.libtiff] Invalid ReferenceBlackWhite Values Allows DoS


=============================================================================
MeeGo-SA-10:34.libtiff                                      Security Advisory
                                                                MeeGo Project

Topic:          Invalid ReferenceBlackWhite Values Allows DoS

Category:       Graphics
Module:         libtiff
Announced:      October 9, 2010
Affects:        MeeGo 1.0
Corrected:      October 9, 2010
MeeGo BID:      6500
CVE:            CVE-2010-2595

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files.  TIFF is a widely
used file format for bitmapped images.  TIFF files usually end in the
.tif extension and they are often quite large.

II.  Problem Description

CVE-2010-2595: The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2,
as used in ImageMagick, does not properly handle invalid