CVE-2010-2630

Name of the Vulnerable Software and Affected Versions LibTIFF versions 3.9.0 through 4.0.1 tiff package versions prior to 4.0.2-r1

Description The issue is related to the improper validation of data types of codec-specific tags in TIFF files, which can lead to a denial of service (application crash) when a crafted file is processed. Additionally, there are multiple vulnerabilities in the tiff package that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations For LibTIFF versions 3.9.0 through 4.0.1, update to version 4.0.2 or later. For tiff package versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later. As a temporary workaround, consider restricting access to TIFF files from untrusted sources until a patch is available.