Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2631 — Improper Input Validation in Tiff

CWE-20 — Improper Input Validation7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

5.4%

top 9.89%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Tiff Libtiff

Timeline

PublishedJul 6

Latest updateMay 17

Description

LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDlibtiff/libtiff3.9.0

▶debiandebian/tiff< tiff 3.9.4-1 (bookworm)

Patches

Patch: bugzilla.maptools.org ↗Patch: bugzilla.maptools.org ↗

🔴Vulnerability Details

GHSA

GHSA-6qwx-wr4q-r588: LibTIFF 3↗2022-05-17

▶

OSV

CVE-2010-2631: LibTIFF 3↗2010-07-06

▶

💥Exploits & PoCs

Exploit-DB

LibTIFF 3.9.4 - Unknown Tag Second Pass Processing Remote Denial of Service↗2010-06-14

▶

📋Vendor Advisories

Red Hat

libtiff: unknown tag handling assertion failure↗2010-06-22

▶

Debian

CVE-2010-2631: tiff - LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF ...↗2010

▶

💬Community

Bugzilla

CVE-2010-2631 libtiff: unknown tag handling assertion failure↗2010-07-06

▶