CVE-2010-2598

Exploit

EPSS 0.58%
Published 02.07.2010 12:43:53
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Version3

Redhat ≫ Enterprise Linux Version3 Updatega

Redhat ≫ Enterprise Linux Version3 Updatega Editionas

Redhat ≫ Enterprise Linux Version3 Updatega Editiondesktop

Redhat ≫ Enterprise Linux Version3 Updatega Editiones

Redhat ≫ Enterprise Linux Version3 Updatega Editionws

Redhat ≫ Enterprise Linux Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.58%	0.664

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/40536

Third Party Advisory

Permissions Required

http://www.redhat.com/support/errata/RHSA-2010-0520.html

Not Applicable

http://www.vupen.com/english/advisories/2010/1761

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=583081

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2010-2598

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2598

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2598

EUVD