Upstream information
Description
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 4.3 |
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Note from the SUSE Security Team
This issue only affected the libtiff 3.9 series before 3.9.5. It does not affect SUSE Linux Enterprise 11 or older, as they have older libtiff versions. SUSE Bugzilla entry: 612879 [RESOLVED / FIXED] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Jul 9 17:21:48 2013CVE page last modified: Mon Feb 13 11:29:03 2023