CVE-2010-2595
published 2010-07-02CVE-2010-2595: The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows…
PriorityP414medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
2.75%
84.4th percentile
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.6-1 (bookworm) | tiff 3.9.6-1 (bookworm) |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
tiff regression
vendor_ubuntu·2011-03-15·CVSS 4.3
[MEDIUM] tiff regression
Title: tiff regression
Summary: Fix regression in CCITTFAX4 processing.
USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream
fixes were incomplete and created problems for certain CCITTFAX4 files.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
valu
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2011-03-07·CVSS 4.3
CVE-2010-3087 [MEDIUM] tiff vulnerabilities
Title: tiff vulnerabilities
Summary: Certain applications could be made to run programs as your login if they
opened a specially crafted TIFF file.
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of servi
Red Hat
libtiff: Array index error due improper handling of invalid ReferenceBlackWhite values
vendor_redhat·2010-04-16·CVSS 4.3
CVE-2010-2595 [MEDIUM] libtiff: Array index error due improper handling of invalid ReferenceBlackWhite values
libtiff: Array index error due improper handling of invalid ReferenceBlackWhite values
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."
Package: libtiff (Red Hat Enterprise Linux 6) - Affected
Debian
CVE-2010-2595: tiff - The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, ...
vendor_debian·2010·CVSS 4.3
CVE-2010-2595 [MEDIUM] CVE-2010-2595: tiff - The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, ...
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."
Scope: local
bookworm: resolved (fixed in 3.9.6-1)
bullseye: resolved (fixed in 3.9.6-1)
forky: resolved (fixed in 3.9.6-1)
sid: resolved (fixed in 3.9.6-1)
trixie: resolved (fixed in 3.9.6-1)
GHSA
GHSA-wvcx-9365-9p2w: The TIFFYCbCrtoRGB function in LibTIFF 3
ghsa_unreviewed·2022-05-17
CVE-2010-2595 [MEDIUM] CWE-20 GHSA-wvcx-9365-9p2w: The TIFFYCbCrtoRGB function in LibTIFF 3
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."
OSV
CVE-2010-2595: The TIFFYCbCrtoRGB function in LibTIFF 3
osv·2010-07-02·CVSS 4.3
CVE-2010-2595 [MEDIUM] CVE-2010-2595: The TIFFYCbCrtoRGB function in LibTIFF 3
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."
No detection rules found.
No public exploits indexed.
http://blackberry.com/btsc/KB27244http://bugzilla.maptools.org/show_bug.cgi?id=2208http://marc.info/?l=oss-security&m=127731610612908&w=2http://secunia.com/advisories/40422http://secunia.com/advisories/40527http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://www.debian.org/security/2012/dsa-2552http://www.redhat.com/support/errata/RHSA-2010-0519.htmlhttp://www.vupen.com/english/advisories/2010/1761https://bugzilla.redhat.com/show_bug.cgi?id=583081http://blackberry.com/btsc/KB27244http://bugzilla.maptools.org/show_bug.cgi?id=2208http://marc.info/?l=oss-security&m=127731610612908&w=2http://secunia.com/advisories/40422http://secunia.com/advisories/40527http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://www.debian.org/security/2012/dsa-2552http://www.redhat.com/support/errata/RHSA-2010-0519.htmlhttp://www.vupen.com/english/advisories/2010/1761https://bugzilla.redhat.com/show_bug.cgi?id=583081
2010-07-02
Published