PT-2010-1129 · Tiff+2

Published: 2010-07-06 · Updated: 2023-02-13 · CVE-2010-2483

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: LibTIFF version 3.9.0; tiff versions prior to 4.0.2-r1

Description: The issue allows remote attackers to cause a denial of service, potentially leading to an out-of-bounds read and application crash, via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. Multiple vulnerabilities in the tiff package may lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations: For LibTIFF version 3.9.0, update to a version newer than 3.9.0 to resolve the issue. For tiff versions prior to 4.0.2-r1, update to version 4.0.2-r1 or newer to mitigate the risk. As a temporary workaround, consider restricting the use of the TIFFRGBAImageGet function until a patch is available.
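The description above hinges on a TIFF whose declared SamplesPerPixel does not match its PhotometricInterpretation. The following added example (written for this page, not code from the advisory or from the libtiff project) shows the kind of pre-filter a service that accepts untrusted TIFF uploads can run before handing the file to a decoder: it parses the header and first IFD with the standard library only and rejects files whose two tags are inconsistent. The MIN_SAMPLES table is an assumption of the example, a plain consistency rule derived from the TIFF 6.0 colour models, not libtiff's own validation; the sample files are constructed inline for the test and are not real images.

```python
import struct

TAG_PHOTOMETRIC = 262        # PhotometricInterpretation
TAG_SAMPLES_PER_PIXEL = 277  # SamplesPerPixel

# PhotometricInterpretation values from the TIFF 6.0 specification
PHOTOMETRIC_MINISWHITE = 0
PHOTOMETRIC_MINISBLACK = 1
PHOTOMETRIC_RGB = 2
PHOTOMETRIC_PALETTE = 3
PHOTOMETRIC_SEPARATED = 5
PHOTOMETRIC_YCBCR = 6

# Assumed minimum number of samples each colour model needs before an
# RGBA conversion makes sense (example policy, not libtiff's own check).
MIN_SAMPLES = {
    PHOTOMETRIC_MINISWHITE: 1,
    PHOTOMETRIC_MINISBLACK: 1,
    PHOTOMETRIC_PALETTE: 1,
    PHOTOMETRIC_RGB: 3,
    PHOTOMETRIC_YCBCR: 3,
    PHOTOMETRIC_SEPARATED: 4,  # CMYK assumed
}


def read_first_ifd_tags(data):
    """Parse the TIFF header and first IFD; return {tag: value} for single-value SHORT/LONG entries."""
    if len(data) < 8:
        raise ValueError("too short for a TIFF header")
    order = data[:2]
    if order == b"II":
        endian = "<"
    elif order == b"MM":
        endian = ">"
    else:
        raise ValueError("bad byte-order mark")
    magic, ifd_off = struct.unpack(endian + "HI", data[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    if ifd_off + 2 > len(data):
        raise ValueError("first IFD offset out of range")
    (count,) = struct.unpack(endian + "H", data[ifd_off:ifd_off + 2])
    tags = {}
    pos = ifd_off + 2
    for _ in range(count):
        if pos + 12 > len(data):
            raise ValueError("truncated IFD entry")
        tag, typ, cnt = struct.unpack(endian + "HHI", data[pos:pos + 8])
        # Single SHORT/LONG values are stored inline, left-justified in the 4-byte field
        if cnt == 1 and typ == 3:
            (val,) = struct.unpack(endian + "H", data[pos + 8:pos + 10])
            tags[tag] = val
        elif cnt == 1 and typ == 4:
            (val,) = struct.unpack(endian + "I", data[pos + 8:pos + 12])
            tags[tag] = val
        pos += 12
    return tags


def check_photometric_samples(data):
    """Return (ok, reason). ok is False when the two tags are inconsistent or unsupported."""
    tags = read_first_ifd_tags(data)
    photometric = tags.get(TAG_PHOTOMETRIC)
    spp = tags.get(TAG_SAMPLES_PER_PIXEL, 1)  # TIFF default when the tag is absent
    if photometric is None:
        return False, "missing PhotometricInterpretation"
    need = MIN_SAMPLES.get(photometric)
    if need is None:
        return False, f"unsupported PhotometricInterpretation {photometric}"
    if spp < need:
        return False, f"Photometric {photometric} needs >= {need} samples, file declares {spp}"
    return True, "ok"


def build_minimal_tiff(photometric, spp, endian="<"):
    """Constructed test input: a header plus one IFD carrying only the two tags (not a decodable image)."""
    order = b"II" if endian == "<" else b"MM"
    entries = [(TAG_PHOTOMETRIC, photometric), (TAG_SAMPLES_PER_PIXEL, spp)]  # ascending tag order
    ifd = struct.pack(endian + "H", len(entries))
    for tag, val in entries:
        ifd += struct.pack(endian + "HHI", tag, 3, 1) + struct.pack(endian + "H", val) + b"\x00\x00"
    ifd += struct.pack(endian + "I", 0)  # no next IFD
    return order + struct.pack(endian + "HI", 42, 8) + ifd


if __name__ == "__main__":
    for desc, blob in [("RGB with 3 samples", build_minimal_tiff(PHOTOMETRIC_RGB, 3)),
                       ("RGB with 1 sample", build_minimal_tiff(PHOTOMETRIC_RGB, 1)),
                       ("big-endian grayscale", build_minimal_tiff(PHOTOMETRIC_MINISBLACK, 1, ">"))]:
        print(desc, check_photometric_samples(blob))
```

The check only looks at the first IFD and at inline SHORT/LONG values, which is where these two tags live in practice; a gateway that wants to be stricter can extend the same loop to every IFD in the chain. Rejecting at this layer keeps a malformed file from reaching TIFFRGBAImageGet at all, which complements, rather than replaces, the version upgrade recommended above.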

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-09646
CVE-2010-2483
RHSA-2010:0519

Affected Products

Libtiff
Red Hat
Tiff