CVE-2010-2631

EUVD-2010-2635
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
libtifflibtiff
3.9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bookworm
4.5.0-6+deb12u1
fixed
bookworm (security)
4.5.0-6+deb12u1
fixed
bullseye
4.2.0-1+deb11u5
fixed
bullseye (security)
4.2.0-1+deb11u5
fixed
sid
4.5.1+git230720-5
fixed
trixie
4.5.1+git230720-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tiff
dapper
Fixed 3.7.4-1ubuntu3.8
released
hardy
Fixed 3.8.2-7ubuntu3.6
released
jaunty
ignored
karmic
Fixed 3.8.2-13ubuntu0.3
released
lucid
Fixed 3.9.2-2ubuntu0.3
released
maverick
not-affected
Common Weakness Enumeration
References
http://bugzilla.maptools.org/show_bug.cgi?id=2210
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-201209-02.xml
http://bugzilla.maptools.org/show_bug.cgi?id=2210
http://secunia.com/advisories/50726
http://security.gentoo.org/glsa/glsa-201209-02.xml