Description
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
Note from the SUSE Security Team
This issue only affected the libtiff 3.9 series before 3.9.3. It does not affect SUSE Linux Enterprise 11 or older, as they have older libtiff versions.
SUSE Bugzilla entry: 612879 [RESOLVED / FIXED]
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 17:21:06 2013
CVE page last modified: Fri Oct 7 12:45:56 2022