CVE-2010-2481
published 2010-07-06CVE-2010-2481: The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause…
PriorityP416medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
2.95%
85.5th percentile
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.4-1 (bookworm) | tiff 3.9.4-1 (bookworm) |
| debian | tiff | < tiff 3.9.6-1 (bookworm) | tiff 3.9.6-1 (bookworm) |
| libtiff | libtiff | <= 3.9.3 | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
libtiff: TIFFExtractData out-of-bounds read crash
vendor_redhat·2010-06-23·CVSS 4.3
CVE-2010-2481 [MEDIUM] CWE-125 libtiff: TIFFExtractData out-of-bounds read crash
libtiff: TIFFExtractData out-of-bounds read crash
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
Red Hat
libtiff: unknown tag handling assertion failure
vendor_redhat·2010-06-22·CVSS 4.3
CVE-2010-2631 [MEDIUM] libtiff: unknown tag handling assertion failure
libtiff: unknown tag handling assertion failure
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Statement: Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Red Hat
libtiff: crash on out-of-order codec-specific tags
vendor_redhat·2010-01-11·CVSS 4.3
CVE-2010-2630 [MEDIUM] libtiff: crash on out-of-order codec-specific tags
libtiff: crash on out-of-order codec-specific tags
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Statement: Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Debian
CVE-2010-2481: tiff - The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unkno...
vendor_debian·2010·CVSS 4.3
CVE-2010-2481 [MEDIUM] CVE-2010-2481: tiff - The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unkno...
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved (fixed in 3.9.4-1)
sid: resolved (fixed in 3.9.4-1)
trixie: resolved (fixed in 3.9.4-1)
Debian
CVE-2010-2630: tiff - The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the d...
vendor_debian·2010·CVSS 4.3
CVE-2010-2630 [MEDIUM] CVE-2010-2630: tiff - The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the d...
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Scope: local
bookworm: resolved (fixed in 3.9.6-1)
bullseye: resolved (fixed in 3.9.6-1)
forky: resolved (fixed in 3.9.6-1)
sid: resolved (fixed in 3.9.6-1)
trixie: resolved (fixed in 3.9.6-1)
Debian
CVE-2010-2631: tiff - LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF ...
vendor_debian·2010·CVSS 4.3
CVE-2010-2631 [MEDIUM] CVE-2010-2631: tiff - LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF ...
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved (fixed in 3.9.4-1)
sid: resolved (fixed in 3.9.4-1)
trixie: resolved (fixed in 3.9.4-1)
GHSA
GHSA-h44f-q2w8-95fm: The TIFFExtractData macro in LibTIFF before 3
ghsa_unreviewed·2022-05-17
CVE-2010-2481 [MEDIUM] CWE-119 GHSA-h44f-q2w8-95fm: The TIFFExtractData macro in LibTIFF before 3
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
GHSA
GHSA-6qwx-wr4q-r588: LibTIFF 3
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2010-2631 [MEDIUM] CWE-20 GHSA-6qwx-wr4q-r588: LibTIFF 3
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
GHSA
GHSA-r4v9-3hv9-pr4f: The TIFFReadDirectory function in LibTIFF 3
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2010-2630 [MEDIUM] CWE-20 GHSA-r4v9-3hv9-pr4f: The TIFFReadDirectory function in LibTIFF 3
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
OSV
CVE-2010-2630: The TIFFReadDirectory function in LibTIFF 3
osv·2010-07-06·CVSS 4.3
CVE-2010-2630 [MEDIUM] CVE-2010-2630: The TIFFReadDirectory function in LibTIFF 3
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
OSV
CVE-2010-2481: The TIFFExtractData macro in LibTIFF before 3
osv·2010-07-06·CVSS 4.3
CVE-2010-2481 [MEDIUM] CVE-2010-2481: The TIFFExtractData macro in LibTIFF before 3
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
OSV
CVE-2010-2631: LibTIFF 3
osv·2010-07-06·CVSS 4.3
CVE-2010-2631 [MEDIUM] CVE-2010-2631: LibTIFF 3
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2631 libtiff: unknown tag handling assertion failure
bugzilla·2010-07-06·CVSS 4.3
CVE-2010-2631 [MEDIUM] CVE-2010-2631 libtiff: unknown tag handling assertion failure
CVE-2010-2631 libtiff: unknown tag handling assertion failure
LibTIFF 3.9.0 ignores tags in certain situations during the first
stage of TIFF file processing and does not properly handle this during
the second stage, which allows remote attackers to cause a denial of
service (application crash) via a crafted file, a different
vulnerability than CVE-2010-2481.
References:
http://bugzilla.maptools.org/show_bug.cgi?id=2210
Discussion:
It seems this CVE was assigned based on the following comment in the upstream bug report:
http://bugzilla.maptools.org/show_bug.cgi?id=2210#c3
It was added in response to the Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=603699
Upstream bug report #2210 contains patch to address issues related to handling of unknown tags, which could lead to var
Bugzilla
CVE-2010-2630 libtiff: crash on out-of-order codec-specific tags
bugzilla·2010-07-06·CVSS 4.3
CVE-2010-2630 [MEDIUM] CVE-2010-2630 libtiff: crash on out-of-order codec-specific tags
CVE-2010-2630 libtiff: crash on out-of-order codec-specific tags
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly
validate the data types of codec-specific tags that have an
out-of-order position in a TIFF file, which allows remote attackers to
cause a denial of service (application crash) via a crafted file, a
different vulnerability than CVE-2010-2481.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=554371
http://bugzilla.maptools.org/show_bug.cgi?id=2210
Discussion:
This particular symptom of unknown / out-of-order tag handling issues did not affect current libtiff packages in Red Hat Enterprise Linux 3, 4 and 5 due to previously applied patch (libtiff-*-ormandy.patch). Future libtiff updates will improve that patch to use approach from patch submitted in th
Bugzilla
CVE-2010-2481 libtiff: TIFFExtractData out-of-bounds read crash
bugzilla·2010-07-06·CVSS 4.3
CVE-2010-2481 [MEDIUM] CVE-2010-2481 libtiff: TIFFExtractData out-of-bounds read crash
CVE-2010-2481 libtiff: TIFFExtractData out-of-bounds read crash
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly
handle unknown tag types in TIFF directory entries, which allows
remote attackers to cause a denial of service (out-of-bounds read and
application crash) via a crafted TIFF file.
References:
http://thread.gmane.org/gmane.comp.security.oss.general/3075/focus=3097
http://bugzilla.maptools.org/show_bug.cgi?id=2210
Discussion:
According to Dan Rosenberg's report, this was originally reported to iDefense. Dan did not publish too much details about this issue, as it's addressed by Tom's patch from upstream bug report #2210.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0519 https:
http://bugzilla.maptools.org/show_bug.cgi?id=2210http://marc.info/?l=oss-security&m=127731610612908&w=2http://marc.info/?l=oss-security&m=127736307002102&w=2http://marc.info/?l=oss-security&m=127738540902757&w=2http://marc.info/?l=oss-security&m=127781315415896&w=2http://marc.info/?l=oss-security&m=127797353202873&w=2http://secunia.com/advisories/40527http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://www.openwall.com/lists/oss-security/2010/06/30/22http://www.redhat.com/support/errata/RHSA-2010-0519.htmlhttp://www.vupen.com/english/advisories/2010/1761http://bugzilla.maptools.org/show_bug.cgi?id=2210http://marc.info/?l=oss-security&m=127731610612908&w=2http://marc.info/?l=oss-security&m=127736307002102&w=2http://marc.info/?l=oss-security&m=127738540902757&w=2http://marc.info/?l=oss-security&m=127781315415896&w=2http://marc.info/?l=oss-security&m=127797353202873&w=2http://secunia.com/advisories/40527http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://www.openwall.com/lists/oss-security/2010/06/30/22http://www.redhat.com/support/errata/RHSA-2010-0519.htmlhttp://www.vupen.com/english/advisories/2010/1761
2010-07-06
Published