CVE-2010-2597
published 2010-07-02CVE-2010-2597: The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
2.79%
84.6th percentile
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.6-1 (bookworm) | tiff 3.9.6-1 (bookworm) |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
tiff regression
vendor_ubuntu·2011-03-15·CVSS 4.3
[MEDIUM] tiff regression
Title: tiff regression
Summary: Fix regression in CCITTFAX4 processing.
USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream
fixes were incomplete and created problems for certain CCITTFAX4 files.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
valu
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2011-03-07·CVSS 4.3
CVE-2010-3087 [MEDIUM] tiff vulnerabilities
Title: tiff vulnerabilities
Summary: Certain applications could be made to run programs as your login if they
opened a specially crafted TIFF file.
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of servi
Red Hat
libtiff: use of uninitialized values crash
vendor_redhat·2010-06-12·CVSS 4.3
CVE-2010-2597 [MEDIUM] libtiff: use of uninitialized values crash
libtiff: use of uninitialized values crash
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.
Package: libtiff (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2010-2597: tiff - The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes inco...
vendor_debian·2010·CVSS 4.3
CVE-2010-2597 [MEDIUM] CVE-2010-2597: tiff - The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes inco...
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.
Scope: local
bookworm: resolved (fixed in 3.9.6-1)
bullseye: resolved (fixed in 3.9.6-1)
forky: resolved (fixed in 3.9.6-1)
sid: resolved (fixed in 3.9.6-1)
trixie: resolved (fixed in 3.9.6-1)
GHSA
GHSA-frcc-38j9-x9v8: The TIFFVStripSize function in tif_strip
ghsa_unreviewed·2022-05-17
CVE-2010-2597 [MEDIUM] CWE-20 GHSA-frcc-38j9-x9v8: The TIFFVStripSize function in tif_strip
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.
OSV
CVE-2010-2597: The TIFFVStripSize function in tif_strip
osv·2010-07-02·CVSS 4.3
CVE-2010-2597 [MEDIUM] CVE-2010-2597: The TIFFVStripSize function in tif_strip
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.
No detection rules found.
No public exploits indexed.
http://bugzilla.maptools.org/show_bug.cgi?id=2215http://secunia.com/advisories/40422http://secunia.com/advisories/40527http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://www.debian.org/security/2012/dsa-2552http://www.redhat.com/support/errata/RHSA-2010-0519.htmlhttp://www.vupen.com/english/advisories/2010/1761https://bugs.launchpad.net/bugs/593067https://bugzilla.redhat.com/show_bug.cgi?id=583081https://bugzilla.redhat.com/show_bug.cgi?id=603703http://bugzilla.maptools.org/show_bug.cgi?id=2215http://secunia.com/advisories/40422http://secunia.com/advisories/40527http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://www.debian.org/security/2012/dsa-2552http://www.redhat.com/support/errata/RHSA-2010-0519.htmlhttp://www.vupen.com/english/advisories/2010/1761https://bugs.launchpad.net/bugs/593067https://bugzilla.redhat.com/show_bug.cgi?id=583081https://bugzilla.redhat.com/show_bug.cgi?id=603703
2010-07-02
Published