PT-2010-1057 · Tiff+3

Tom Lane · Published 2010-07-01 · Updated 2014-02-28 · CVE-2010-2596

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: LibTIFF versions 3.9.0 through 3.9.4; tiff versions prior to 4.0.2-r1.

Description: The issue concerns multiple vulnerabilities in the LibTIFF package that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the OJPEGPostDecode function in tif_ojpeg.c allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

Recommendations: For LibTIFF versions 3.9.0 through 3.9.4, update to a version later than 3.9.4. For tiff versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later. As a temporary workaround, restrict the processing of TIFF images from untrusted sources until the update can be applied.

Exploit

Fix

DoS

Buffer Overflow

RCE


Weakness Enumeration

Related identifiers

BDU:2015-06338
BDU:2015-06340
BDU:2015-06344
BDU:2015-06345
BDU:2015-08609
BDU:2015-08610
BDU:2015-08611
BDU:2015-08612
BDU:2015-09646
CESA-2014_0222
CVE-2010-2596
DLA-610-1
RHSA-2014:0222
RHSA-2014_0222

Affected products

Centos
Libtiff
Red Hat
Tiff