CVE-2010-2631

2010-07-0617:17:20

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

OSVersionArchitecturePackageVersionFilename
Debian12alltiff< 3.9.4-1tiff_3.9.4-1_all.deb
Debian11alltiff< 3.9.4-1tiff_3.9.4-1_all.deb
Debian999alltiff< 3.9.4-1tiff_3.9.4-1_all.deb
Debian13alltiff< 3.9.4-1tiff_3.9.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	tiff	< 3.9.4-1	tiff_3.9.4-1_all.deb
Debian	11	all	tiff	< 3.9.4-1	tiff_3.9.4-1_all.deb
Debian	999	all	tiff	< 3.9.4-1	tiff_3.9.4-1_all.deb
Debian	13	all	tiff	< 3.9.4-1	tiff_3.9.4-1_all.deb