Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-2595
HistoryJul 02, 2010 - 12:43 p.m.

CVE-2010-2595

2010-07-0212:43:53
CWE-20
[email protected]
web.nvd.nist.gov
35
cve-2010-2595
libtiff
imagemagick
tiff
denial of service
nvd
vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.034 Low

EPSS

Percentile

91.4%

JSON

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to “downsampled OJPEG input.”

Affected configurations

NVD
Node
libtifflibtiffMatch3.9.0
OR
libtifflibtiffMatch3.9.2

Related

prion 1
nvd 1
debiancve 1
ubuntucve 1
cvelist 1
altlinux 3
openvas 17
nessus 11
oraclelinux 1
redhat 1
centos 1
ubuntu 2
debian 1
osv 1
gentoo 1
prion
prion
Input validation
2010-07-02 12:43:00
nvd
nvd
CVE-2010-2595
2010-07-02 12:43:53
debiancve
debiancve
CVE-2010-2595
2010-07-02 12:43:53
ubuntucve
ubuntucve
CVE-2010-2595
2010-07-02 00:00:00
cvelist
cvelist
CVE-2010-2595
2010-07-01 18:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package libtiff version 3.9.4-alt5
2011-03-09 00:00:00
Security fix for the ALT Linux 10 package libtiff version 3.9.4-alt5
2011-03-09 00:00:00
Security fix for the ALT Linux 5 package libtiff version 3.9.5-alt1.M50P.1
2011-09-29 00:00:00
openvas
openvas
RedHat Update for libtiff RHSA-2010:0519-01
2010-07-12 00:00:00
RedHat Update for libtiff RHSA-2010:0519-01
2010-07-12 00:00:00
CentOS Update for libtiff CESA-2010:0519 centos5 i386
2011-08-09 00:00:00
nessus
nessus
BlackBerry Enterprise Server PNG and TIFF Image Processing Vulnerabilities (KB27244)
2011-08-11 00:00:00
CentOS 4 / 5 : libtiff (CESA-2010:0519)
2010-07-16 00:00:00
Mandriva Linux Security Advisory : libtiff (MDVSA-2010:145)
2010-08-09 00:00:00
oraclelinux
oraclelinux
libtiff security update
2010-07-08 00:00:00
redhat
redhat
(RHSA-2010:0519) Important: libtiff security update
2010-07-08 00:00:00
centos
centos
libtiff security update
2010-07-14 22:28:07
ubuntu
ubuntu
tiff regression
2011-03-15 00:00:00
tiff vulnerabilities
2011-03-07 00:00:00
debian
debian
[SECURITY] [DSA 2552-1] tiff security update
2012-09-26 21:55:26
osv
osv
tiff - several
2012-09-26 00:00:00
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2012-09-23 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.034 Low

EPSS

Percentile

91.4%

JSON
Related for CVE-2010-2595
prion1nvd1debiancve1ubuntucve1cvelist1altlinux3openvas17nessus11oraclelinux1redhat1centos1ubuntu2debian1osv1gentoo1