CVE-2010-2598

Exploit

EPSS 0.58%
Veröffentlicht 02.07.2010 12:43:53
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Version3

Redhat ≫ Enterprise Linux Version3 Updatega

Redhat ≫ Enterprise Linux Version3 Updatega Editionas

Redhat ≫ Enterprise Linux Version3 Updatega Editiondesktop

Redhat ≫ Enterprise Linux Version3 Updatega Editiones

Redhat ≫ Enterprise Linux Version3 Updatega Editionws

Redhat ≫ Enterprise Linux Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.664

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/40536

Third Party Advisory

Permissions Required

http://www.redhat.com/support/errata/RHSA-2010-0520.html

Not Applicable

http://www.vupen.com/english/advisories/2010/1761

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=583081

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2010-2598

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2598

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2598

EUVD