CVE-2010-2598Improper Input Validation in Tiff

CWE-20Improper Input Validation8 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 30.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian TiffRedhat Enterprise Linux
Timeline
PublishedJul 2
Latest updateMay 17

Description

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

debiandebian/tiff< tiff 3.9.4-1 (bookworm)

Also affects: Enterprise Linux 3, 3.0

🔴Vulnerability Details

2
GHSA
GHSA-x8mf-r5p2-qm59: LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compress2022-05-17
OSV
CVE-2010-2598: LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compress2010-07-02

📋Vendor Advisories

4
Ubuntu
tiff regression2011-03-15
Ubuntu
tiff vulnerabilities2011-03-07
Red Hat
libtiff: crash when reading image with not configured compression2010-06-10
Debian
CVE-2010-2598: tiff - LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tif...2010

💬Community

1
Bugzilla
CVE-2010-2598 libtiff: crash when reading image with not configured compression2010-07-02