CVE-2010-2481: Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

Severity: 4.3 MEDIUM (NVD)
EPSS: 1.6% (top 18.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 6
Latest update: May 17

Description

The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: libtiff/libtiff 3.9.3 (+22)
debian: debian/tiff < tiff 3.9.4-1 (bookworm) (+1)

Patches

Vulnerability Details (6)

GHSA GHSA-h44f-q2w8-95fm: The TIFFExtractData macro in LibTIFF before 3... (2022-05-17)
GHSA GHSA-6qwx-wr4q-r588: LibTIFF 3... (2022-05-17)
GHSA GHSA-r4v9-3hv9-pr4f: The TIFFReadDirectory function in LibTIFF 3... (2022-05-17)
OSV CVE-2010-2630: The TIFFReadDirectory function in LibTIFF 3... (2010-07-06)
OSV CVE-2010-2481: The TIFFExtractData macro in LibTIFF before 3... (2010-07-06)

Vendor Advisories (6)

Red Hat: libtiff: TIFFExtractData out-of-bounds read crash (2010-06-23)
Red Hat: libtiff: unknown tag handling assertion failure (2010-06-22)
Red Hat: libtiff: crash on out-of-order codec-specific tags (2010-01-11)
Debian: CVE-2010-2481: tiff - The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unkno... (2010)
Debian: CVE-2010-2630: tiff - The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the d... (2010)

Community (3)

Bugzilla: CVE-2010-2631 libtiff: unknown tag handling assertion failure (2010-07-06)
Bugzilla: CVE-2010-2630 libtiff: crash on out-of-order codec-specific tags (2010-07-06)
Bugzilla: CVE-2010-2481 libtiff: TIFFExtractData out-of-bounds read crash (2010-07-06)