CVE-2010-2443
Published 2010-06-24
Priority: P4 · 20 · medium
CVSS 2.0: 5 · AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 3.19% (86.5th percentile)
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.4-1 (bookworm) | tiff 3.9.4-1 (bookworm) |
| libtiff | libtiff | <= 3.9.2 | — |
| libtiff | libtiff | <= 3.9.4 | — |
| libtiff | libtiff | — | — |
CVSS provenance
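| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |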
Red Hat
libtiff: OJPEGReadBufferFill NULL deref crash
vendor_redhat·2010-06-15·CVSS 5.0
CVE-2010-2482 [MEDIUM] CWE-476 libtiff: OJPEGReadBufferFill NULL deref crash
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
Statement: Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Red Hat
libtiff: OJPEGReadBufferFill NULL deref crash
vendor_redhat·2010-06-15·CVSS 5.0
CVE-2010-2443 [MEDIUM] CWE-476 libtiff: OJPEGReadBufferFill NULL deref crash
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
Statement: Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Debian
CVE-2010-2443: tiff - The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows r...
vendor_debian·2010·CVSS 5.0
CVE-2010-2443 [MEDIUM] CVE-2010-2443: tiff - The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows r...
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved (fixed in 3.9.4-1)
sid: resolved (fixed in 3.9.4-1)
trixie: resolved (fixed in 3.9.4-1)
Debian
CVE-2010-2482: tiff - LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount ...
vendor_debian·2010·CVSS 5.0
CVE-2010-2482 [MEDIUM] CVE-2010-2482: tiff - LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount ...
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved (fixed in 3.9.4-1)
sid: resolved (fixed in 3.9.4-1)
trixie: resolved (fixed in 3.9.4-1)
GHSA
GHSA-mr66-pfm6-xmq6: LibTIFF 3
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2010-2482 [MEDIUM] GHSA-mr66-pfm6-xmq6: LibTIFF 3
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
GHSA
GHSA-mm62-chgv-w7jc: The OJPEGReadBufferFill function in tif_ojpeg
ghsa_unreviewed·2022-05-17
CVE-2010-2443 [MEDIUM] GHSA-mm62-chgv-w7jc: The OJPEGReadBufferFill function in tif_ojpeg
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
OSV
CVE-2010-2482: LibTIFF 3
osv·2010-07-06·CVSS 5.0
CVE-2010-2482 [MEDIUM] CVE-2010-2482: LibTIFF 3
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
OSV
CVE-2010-2443: The OJPEGReadBufferFill function in tif_ojpeg
osv·2010-06-24·CVSS 5.0
CVE-2010-2443 [MEDIUM] CVE-2010-2443: The OJPEGReadBufferFill function in tif_ojpeg
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
No detection rules found.
No public exploits indexed.
http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010
http://marc.info/?l=oss-security&m=127736307002102&w=2
http://marc.info/?l=oss-security&m=127781315415896&w=2
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://www.remotesensing.org/libtiff/v3.9.3.html
http://www.vupen.com/english/advisories/2011/0204
https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145