Lucene search

[email protected]CVE-2010-2631

HistoryJul 06, 2010 - 5:17 p.m.

CVE-2010-2631

2010-07-0617:17:20

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-2631

libtiff

tiff file processing

denial of service

remote attackers

application crash

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

Affected configurations

NVD

Node

libtifflibtiffMatch3.9.0

CPENameOperatorVersion
libtiff:libtifflibtiffeq3.9.0

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	eq	3.9.0

References

bugzilla.maptools.org/show_bug.cgi?id=2210

secunia.com/advisories/50726

security.gentoo.org/glsa/glsa-201209-02.xml

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2010-2631

nvd3 ubuntucve3 cvelist3 prion3 debiancve3 cve2 openvas11 gentoo1 nessus7 oraclelinux1 centos1 redhat1