CVE-2010-2597 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-2597 PUBLISHED CVSS 4.300000190734863 MEDIUM

The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.

EPSS 1.44% · 80.6th percentile

Risk Scores

CVSS v2.0

4.300000190734863

EPSS Score

1.44%

80.6th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
libtiff	libtiff	3.9.0, 3.9.2

Timeline

Jul 1, 2010 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

https://bugzilla.redhat.com/show_bug.cgi?id=603703 url
40527 third-party-advisory
http://bugzilla.maptools.org/show_bug.cgi?id=2215 url
DSA-2552 vendor-advisory
https://bugs.launchpad.net/bugs/593067 url
ADV-2010-1761 vdb
GLSA-201209-02 vendor-advisory
RHSA-2010:0519 vendor-advisory
40422 third-party-advisory
50726 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=583081 url
https://nvd.nist.gov/vuln/detail/CVE-2010-2597 advisory

Open in Interactive Console →