CVE-2010-2598

libtiff: crash when reading image with not configured compression

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

La libreria LibTIFF de Red Hat Enterprise Linux (RHEL) v3 sobre las plataformas x86_64, tal y como se utiliza en tiff2rgba, intenta de procesar los datos de la imagen incluso cuando la funcionalidad de compresión solicitado no está configurada, lo que permite a atacantes remotos provocar una denegación de servicio a través de una imagen TIFF debidamente modificada. Se trata de una vulnerabilidad relacionada con "downsampled OJPEG input".

USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream fixes were incomplete and created problems for certain CCITTFAX4 files. This update fixes the problem. Multiple vulnerabilities related to tiff have been discovered and addressed. Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. It was discovered that the TIFF library incorrectly validated certain data types. It was discovered that the TIFF library incorrectly handled downsampled JPEG data. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-07-01 CVE Reserved
2010-07-01 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (5)

URL	Tag	Source
http://www.vupen.com/english/advisories/2010/1761	Broken Link

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=583081	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://www.redhat.com/support/errata/RHSA-2010-0520.html	2016-11-08
https://access.redhat.com/security/cve/CVE-2010-2598	2010-07-08
https://bugzilla.redhat.com/show_bug.cgi?id=610786	2010-07-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3 Search vendor "Redhat" for product "Enterprise Linux" and version "3"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3 Search vendor "Redhat" for product "Enterprise Linux" and version "3"		ga		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3 Search vendor "Redhat" for product "Enterprise Linux" and version "3"		ga, as		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3 Search vendor "Redhat" for product "Enterprise Linux" and version "3"		ga, desktop		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3 Search vendor "Redhat" for product "Enterprise Linux" and version "3"		ga, es		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3 Search vendor "Redhat" for product "Enterprise Linux" and version "3"		ga, ws		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3.0 Search vendor "Redhat" for product "Enterprise Linux" and version "3.0"		-		Affected