CVE-2010-2233 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-2233 PUBLISHED CVSS 9.300000190734863 CRITICAL

tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."

EPSS 2.37% · 84.8th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

2.37%

84.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
libtiff	libtiff	3.9.0, 3.9.2

Timeline

Jul 1, 2010 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

[oss-security] 20100623 CVE requests: LibTIFF mailing-list
1024150 vdb
https://bugzilla.redhat.com/show_bug.cgi?id=607198 url
GLSA-201209-02 vendor-advisory
40422 third-party-advisory
http://bugzilla.maptools.org/show_bug.cgi?id=2207 url
http://www.remotesensing.org/libtiff/v3.9.4.html url
50726 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=583081 url
https://nvd.nist.gov/vuln/detail/CVE-2010-2233 advisory
https://access.redhat.com/security/cve/CVE-2010-2233 url

Open in Interactive Console →