Upstream information
Description
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 5 |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Note from the SUSE Security Team
This issue only affected the libtiff 3.9 series before 3.9.3. It does not affect SUSE Linux Enterprise 11 or older, as they have older libtiff versions. SUSE Bugzilla entry: 612879 [RESOLVED / FIXED] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Jul 9 17:21:06 2013CVE page last modified: Fri Oct 7 12:45:56 2022