CVE-2010-2597

Name of the Vulnerable Software and Affected Versions LibTIFF versions prior to 4.0.2

Description The issue is related to multiple vulnerabilities in the tiff package, which can lead to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, the TIFFVStripSize function in tif strip.c makes incorrect calls to the TIFFGetField function, allowing remote attackers to cause a denial of service via a crafted TIFF image, possibly related to "downsampled OJPEG input" and a compiler optimization that triggers a divide-by-zero error.

Recommendations For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the TIFFVStripSize function in tif strip.c until a patch is available. Avoid using the TIFFGetField function with untrusted input in the affected API endpoints until the issue is resolved.