CVE-2005-2452

medium

Description

libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.

References

https://usn.ubuntu.com/156-1/

https://bugzilla.ubuntu.com/show_bug.cgi?id=12008

http://www.securityfocus.com/bid/14417

http://www.mandriva.com/security/advisories?name=MDKSA-2005:144

http://www.mandriva.com/security/advisories?name=MDKSA-2005:143

http://www.mandriva.com/security/advisories?name=MDKSA-2005:142

http://secunia.com/advisories/16486

http://secunia.com/advisories/16266

Details

Source: Mitre, NVD

Published: 2005-08-03

Updated: 2018-10-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: Medium