CVE-2005-2452
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 03/08/2005
Last modified: 03/04/2025
Description
libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.
Impact
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
CPE | From | Up to
---|---|---
cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:* | |
cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:* | |
cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:* | |
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/16266
- http://secunia.com/advisories/16486
- http://www.mandriva.com/security/advisories?name=MDKSA-2005%3A142
- http://www.mandriva.com/security/advisories?name=MDKSA-2005%3A143
- http://www.mandriva.com/security/advisories?name=MDKSA-2005%3A144
- http://www.securityfocus.com/bid/14417
- https://bugzilla.ubuntu.com/show_bug.cgi?id=12008
- https://usn.ubuntu.com/156-1/