CVE-2010-2598
libtiff: crash when reading image with not configured compression
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."
La libreria LibTIFF de Red Hat Enterprise Linux (RHEL) v3 sobre las plataformas x86_64, tal y como se utiliza en tiff2rgba, intenta de procesar los datos de la imagen incluso cuando la funcionalidad de compresión solicitado no está configurada, lo que permite a atacantes remotos provocar una denegación de servicio a través de una imagen TIFF debidamente modificada. Se trata de una vulnerabilidad relacionada con "downsampled OJPEG input".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-07-01 CVE Reserved
- 2010-07-01 CVE Published
- 2024-04-05 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/1761 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=583081 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2010-0520.html | 2016-11-08 | |
| https://access.redhat.com/security/cve/CVE-2010-2598 | 2010-07-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=610786 | 2010-07-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 3 Search vendor "Redhat" for product "Enterprise Linux" and version "3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 3 Search vendor "Redhat" for product "Enterprise Linux" and version "3" | ga |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 3 Search vendor "Redhat" for product "Enterprise Linux" and version "3" | ga, as |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 3 Search vendor "Redhat" for product "Enterprise Linux" and version "3" | ga, desktop |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 3 Search vendor "Redhat" for product "Enterprise Linux" and version "3" | ga, es |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 3 Search vendor "Redhat" for product "Enterprise Linux" and version "3" | ga, ws |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 3.0 Search vendor "Redhat" for product "Enterprise Linux" and version "3.0" | - |
Affected
| ||||||