CVE-2010-2483
published 2010-07-06
CVE-2010-2483: The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file…
Priority: P4 · 14 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 1.97% (78.0th percentile)
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.4-4 (bookworm) | tiff 3.9.4-4 (bookworm) |
| libtiff | libtiff | — | — |
CVSS provenance
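| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |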
GHSA
GHSA-47hf-9252-738h: The TIFFRGBAImageGet function in LibTIFF 3
ghsa_unreviewed·2022-05-17
CVE-2010-2483 [MEDIUM] CWE-119 GHSA-47hf-9252-738h: The TIFFRGBAImageGet function in LibTIFF 3
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.
OSV
CVE-2010-2483: The TIFFRGBAImageGet function in LibTIFF 3
osv·2010-07-06·CVSS 4.3
CVE-2010-2483 [MEDIUM] CVE-2010-2483: The TIFFRGBAImageGet function in LibTIFF 3
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2011-03-07·CVSS 4.3
CVE-2010-3087 [MEDIUM] tiff vulnerabilities
Title: tiff vulnerabilities
Summary: Certain applications could be made to run programs as your login if they
opened a specially crafted TIFF file.
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of servi
Red Hat
libtiff: out-of-bounds read crash on images with invalid SamplesPerPixel values
vendor_redhat·2010-06-16·CVSS 4.3
CVE-2010-2483 [MEDIUM] CWE-125 libtiff: out-of-bounds read crash on images with invalid SamplesPerPixel values
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.
Debian
CVE-2010-2483: tiff - The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause ...
vendor_debian·2010·CVSS 4.3
CVE-2010-2483 [MEDIUM] CVE-2010-2483: tiff - The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause ...
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.
Scope: local
bookworm: resolved (fixed in 3.9.4-4)
bullseye: resolved (fixed in 3.9.4-4)
forky: resolved (fixed in 3.9.4-4)
sid: resolved (fixed in 3.9.4-4)
trixie: resolved (fixed in 3.9.4-4)
No detection rules found.
No public exploits indexed.
- http://bugzilla.maptools.org/show_bug.cgi?id=2216
- http://marc.info/?l=oss-security&m=127731610612908&w=2
- http://marc.info/?l=oss-security&m=127736307002102&w=2
- http://marc.info/?l=oss-security&m=127738540902757&w=2
- http://marc.info/?l=oss-security&m=127781315415896&w=2
- http://marc.info/?l=oss-security&m=127797353202873&w=2
- http://secunia.com/advisories/40422
- http://secunia.com/advisories/40527
- http://secunia.com/advisories/50726
- http://security.gentoo.org/glsa/glsa-201209-02.xml
- http://www.openwall.com/lists/oss-security/2010/06/30/22
- http://www.redhat.com/support/errata/RHSA-2010-0519.html
- http://www.vupen.com/english/advisories/2010/1761
- https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605
- https://bugzilla.redhat.com/show_bug.cgi?id=603081

Published: 2010-07-06