Published: 06/07/2010 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

LibTIFF 3.9.4 and previous versions does not properly handle an invalid td_stripbytecount field, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff 3.4
libtiff libtiff 3.7.0
libtiff libtiff 3.6.0
libtiff libtiff 3.6.1
libtiff libtiff 3.8.0
libtiff libtiff 3.7.3
libtiff libtiff 3.8.1
libtiff libtiff 3.9.3
libtiff libtiff 3.5.7
libtiff libtiff 3.8.2
libtiff libtiff 3.7.2
libtiff libtiff 3.5.3
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.2
libtiff libtiff
libtiff libtiff 3.9.2
libtiff libtiff 3.7.4
libtiff libtiff 3.5.5
libtiff libtiff 3.9.0
libtiff libtiff 3.5.6
libtiff libtiff 3.5.1
libtiff libtiff 3.9.1

Debian Bug report logs - #678140 Two tiff issues: CVE-2012-2113 / CVE-2012-2088 Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Tue, 19 Jun 2012 14:09:03 UTC Severity: grave Tags: security Found in version 394-5+sque ...

Several vulnerabilities were discovered in TIFF, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation These vulnerabilities can be exploited via a specially crafted TIFF image CVE-2012-2113 The tiff2pdf utility has an integer overflow error when parsing images CVE-2 ...

Certain applications could be made to run programs as your login if they opened a specially crafted TIFF file ...

Fix regression in CCITTFAX4 processing ...

From: wwwsecurityfocuscom/bid/41480/ LibTIFF is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input An attacker can exploit this issue to crash an application that uses the vulnerable library, denying service to legitimate users Due to the nature of this issue, attackers may be able to ex ...

NVD-CWE-Other http://secunia.com/advisories/40422 http://marc.info/?l=oss-security&m=127738540902757&w=2 http://marc.info/?l=oss-security&m=127797353202873&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=608010 https://bugzilla.redhat.com/show_bug.cgi?id=603024 https://bugs.launchpad.net/bugs/597246 http://marc.info/?l=oss-security&m=127736307002102&w=2 http://www.openwall.com/lists/oss-security/2010/06/30/22 http://bugzilla.maptools.org/show_bug.cgi?id=1996 http://www.debian.org/security/2012/dsa-2552 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678140 https://nvd.nist.gov https://usn.ubuntu.com/1085-1/https://www.exploit-db.com/exploits/14573/https://www.debian.org/security/./dsa-2552

CVE-2010-2482

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect