Lucene search

[email protected]CVE-2010-2598

HistoryJul 02, 2010 - 12:43 p.m.

CVE-2010-2598

2010-07-0212:43:53

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-2598

libtiff

red hat enterprise linux

rhel 3

x86_64

denial of service

crafted tiff

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.1%

JSON

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to “downsampled OJPEG input.”

Affected configurations

NVD

Node

redhatenterprise_linuxMatch3

redhatenterprise_linuxMatch3ga

redhatenterprise_linuxMatch3gaas

redhatenterprise_linuxMatch3gadesktop

redhatenterprise_linuxMatch3gaes

redhatenterprise_linuxMatch3gaws

redhatenterprise_linuxMatch3.0

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq3
redhat:enterprise_linuxredhat enterprise linuxeq3.0

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	3
redhat:enterprise_linux	redhat enterprise linux	eq	3.0

References

secunia.com/advisories/40536

www.redhat.com/support/errata/RHSA-2010-0520.html

www.vupen.com/english/advisories/2010/1761

bugzilla.redhat.com/show_bug.cgi?id=583081

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for CVE-2010-2598

veracode1 debiancve1 cvelist1 nvd1 prion1 openvas8 nessus6 ubuntucve1 redhat1 centos1 ubuntu2