CVE-2010-2597

The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes
incorrect calls to the TIFFGetField function, which allows remote attackers
to cause a denial of service (application crash) via a crafted TIFF image,
related to “downsampled OJPEG input” and possibly related to a compiler
optimization that triggers a divide-by-zero error.

Bugs

• <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2597&gt;
• <https://bugzilla.redhat.com/show_bug.cgi?id=603703&gt;
• <https://bugs.launchpad.net/bugs/593067&gt;
• <http://bugzilla.maptools.org/show_bug.cgi?id=2215&gt;