CVE-2010-2443 — NULL Pointer Dereference in Libtiff

CWE-476 — NULL Pointer Dereference11 documents6 sources

Severity

5.0MEDIUMNVD

NVD4.3

EPSS

2.7%

top 14.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedJun 24

Latest updateMay 17

Description

The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDlibtiff/libtiff3.9.2+24

▶debiandebian/tiff< tiff 3.9.4-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-mr66-pfm6-xmq6: LibTIFF 3↗2022-05-17

▶

GHSA

GHSA-mm62-chgv-w7jc: The OJPEGReadBufferFill function in tif_ojpeg↗2022-05-17

▶

OSV

CVE-2010-2482: LibTIFF 3↗2010-07-06

▶

OSV

CVE-2010-2443: The OJPEGReadBufferFill function in tif_ojpeg↗2010-06-24

▶

📋Vendor Advisories

Red Hat

libtiff: OJPEGReadBufferFill NULL deref crash↗2010-06-15

▶

Red Hat

libtiff: OJPEGReadBufferFill NULL deref crash↗2010-06-15

▶

Debian

CVE-2010-2443: tiff - The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows r...↗2010

▶

Debian

CVE-2010-2482: tiff - LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount ...↗2010

▶

💬Community

Bugzilla

CVE-2010-2443 CVE-2010-2482 libtiff: OJPEGReadBufferFill NULL deref crash↗2010-06-25

▶