CVE-2010-2233 — Improper Input Validation in Tiff

CWE-20 — Improper Input Validation CWE-681 — Incorrect Conversion between Numeric Types CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

7.5HIGHNVD

EPSS

2.4%

top 15.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedJul 2

Latest updateMay 17

Description

tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff3.9.0, 3.9.2+1

▶debiandebian/tiff< tiff 3.9.4-2 (bookworm)

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-hxrv-xxfr-vpw3: tif_getimage↗2022-05-17

▶

OSV

CVE-2010-2233: tif_getimage↗2010-07-02

▶

📋Vendor Advisories

Red Hat

libtiff: incorrect type extension for negative toskew values on 64bit platforms↗2010-06-10

▶

Debian

CVE-2010-2233: tiff - tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageM...↗2010

▶

💬Community

Bugzilla

CVE-2010-2233 libtiff: incorrect type extension for negative toskew values on 64bit platforms↗2010-06-23

▶