CVE-2010-2598
Published 2010-07-02
Priority: P4, 19, medium; CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
EPSS: 1.99% (78.2th percentile)
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.4-1 (bookworm) | tiff 3.9.4-1 (bookworm) |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
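| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 4.3 | MEDIUM | |
| vendor_debian | | 4.3 | MEDIUM | |
| vendor_redhat | | 4.3 | MEDIUM | |
| vendor_ubuntu | | 4.3 | MEDIUM | |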
GHSA
GHSA-x8mf-r5p2-qm59: CVE-2010-2598 [MEDIUM] CWE-20
ghsa_unreviewed·2022-05-17
OSV
CVE-2010-2598 [MEDIUM]
osv·2010-07-02·CVSS 4.3
Ubuntu
tiff regression [MEDIUM]
vendor_ubuntu·2011-03-15·CVSS 4.3
Summary: Fix regression in CCITTFAX4 processing.
USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream
fixes were incomplete and created problems for certain CCITTFAX4 files.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
valu
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2011-03-07·CVSS 4.3
CVE-2010-3087 [MEDIUM]
Summary: Certain applications could be made to run programs as your login if they
opened a specially crafted TIFF file.
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of servi
Red Hat
libtiff: crash when reading image with not configured compression
vendor_redhat·2010-06-10·CVSS 4.3
CVE-2010-2598 [MEDIUM]
Package: libtiff (Red Hat Enterprise Linux 4) - Not affected
Package: libtiff (Red Hat Enterprise Linux 5) - Not affected
Package: libtiff (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2010-2598: tiff [MEDIUM]
vendor_debian·2010·CVSS 4.3
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved (fixed in 3.9.4-1)
sid: resolved (fixed in 3.9.4-1)
trixie: resolved (fixed in 3.9.4-1)
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/40536
http://www.redhat.com/support/errata/RHSA-2010-0520.html
http://www.vupen.com/english/advisories/2010/1761
https://bugzilla.redhat.com/show_bug.cgi?id=583081