CVE-2010-2630
published 2010-07-06CVE-2010-2630: The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF…
PriorityP422medium4.3CVSS 2.0
AVNACMAuNCNINAP
EXPLOIT
EPSS
4.95%
91.1th percentile
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.9.6-1 (bookworm) | tiff 3.9.6-1 (bookworm) |
| libtiff | libtiff | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
vendor_ubuntu4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
tiff regression
vendor_ubuntu·2011-03-15·CVSS 4.3
[MEDIUM] tiff regression
Title: tiff regression
Summary: Fix regression in CCITTFAX4 processing.
USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream
fixes were incomplete and created problems for certain CCITTFAX4 files.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
valu
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2011-03-07·CVSS 4.3
CVE-2010-3087 [MEDIUM] tiff vulnerabilities
Title: tiff vulnerabilities
Summary: Certain applications could be made to run programs as your login if they
opened a specially crafted TIFF file.
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of servi
Red Hat
libtiff: crash on out-of-order codec-specific tags
vendor_redhat·2010-01-11·CVSS 4.3
CVE-2010-2630 [MEDIUM] libtiff: crash on out-of-order codec-specific tags
libtiff: crash on out-of-order codec-specific tags
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Statement: Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Debian
CVE-2010-2630: tiff - The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the d...
vendor_debian·2010·CVSS 4.3
CVE-2010-2630 [MEDIUM] CVE-2010-2630: tiff - The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the d...
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Scope: local
bookworm: resolved (fixed in 3.9.6-1)
bullseye: resolved (fixed in 3.9.6-1)
forky: resolved (fixed in 3.9.6-1)
sid: resolved (fixed in 3.9.6-1)
trixie: resolved (fixed in 3.9.6-1)
GHSA
GHSA-r4v9-3hv9-pr4f: The TIFFReadDirectory function in LibTIFF 3
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2010-2630 [MEDIUM] CWE-20 GHSA-r4v9-3hv9-pr4f: The TIFFReadDirectory function in LibTIFF 3
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
OSV
CVE-2010-2630: The TIFFReadDirectory function in LibTIFF 3
osv·2010-07-06·CVSS 4.3
CVE-2010-2630 [MEDIUM] CVE-2010-2630: The TIFFReadDirectory function in LibTIFF 3
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
No detection rules found.
Exploit-DB
LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service
exploitdb·2010-07-12
CVE-2010-2630 LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service
LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service
---
source: https://www.securityfocus.com/bid/41475/info
LibTIFF is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input.
An attacker can exploit this issue to crash an application that uses the vulnerable library, denying service to legitimate users.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/34279.tif
Exploit-DB
Symantec Remote Management - Remote Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2006-2630 Symantec Remote Management - Remote Buffer Overflow (Metasploit)
Symantec Remote Management - Remote Buffer Overflow (Metasploit)
---
##
# $Id: symantec_rtvscan.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Symantec Remote Management Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Symantec Client Security 3.0.x.
This module has only been tested against Symantec Client Security 3.0.2
build 10.0.2.2000.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
['CVE', '2006-2630'],
['O
Bugzilla
CVE-2010-2631 libtiff: unknown tag handling assertion failure
bugzilla·2010-07-06·CVSS 4.3
CVE-2010-2631 [MEDIUM] CVE-2010-2631 libtiff: unknown tag handling assertion failure
CVE-2010-2631 libtiff: unknown tag handling assertion failure
LibTIFF 3.9.0 ignores tags in certain situations during the first
stage of TIFF file processing and does not properly handle this during
the second stage, which allows remote attackers to cause a denial of
service (application crash) via a crafted file, a different
vulnerability than CVE-2010-2481.
References:
http://bugzilla.maptools.org/show_bug.cgi?id=2210
Discussion:
It seems this CVE was assigned based on the following comment in the upstream bug report:
http://bugzilla.maptools.org/show_bug.cgi?id=2210#c3
It was added in response to the Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=603699
Upstream bug report #2210 contains patch to address issues related to handling of unknown tags, which could lead to var
Bugzilla
CVE-2010-2630 libtiff: crash on out-of-order codec-specific tags
bugzilla·2010-07-06·CVSS 4.3
CVE-2010-2630 [MEDIUM] CVE-2010-2630 libtiff: crash on out-of-order codec-specific tags
CVE-2010-2630 libtiff: crash on out-of-order codec-specific tags
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly
validate the data types of codec-specific tags that have an
out-of-order position in a TIFF file, which allows remote attackers to
cause a denial of service (application crash) via a crafted file, a
different vulnerability than CVE-2010-2481.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=554371
http://bugzilla.maptools.org/show_bug.cgi?id=2210
Discussion:
This particular symptom of unknown / out-of-order tag handling issues did not affect current libtiff packages in Red Hat Enterprise Linux 3, 4 and 5 due to previously applied patch (libtiff-*-ormandy.patch). Future libtiff updates will improve that patch to use approach from patch submitted in th
http://bugzilla.maptools.org/show_bug.cgi?id=2210http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://www.debian.org/security/2012/dsa-2552https://bugzilla.redhat.com/show_bug.cgi?id=554371http://bugzilla.maptools.org/show_bug.cgi?id=2210http://secunia.com/advisories/50726http://security.gentoo.org/glsa/glsa-201209-02.xmlhttp://www.debian.org/security/2012/dsa-2552https://bugzilla.redhat.com/show_bug.cgi?id=554371
2010-07-06
Published