Lucene search

[email protected]CVE-2010-2598

HistoryJul 02, 2010 - 12:43 p.m.

CVE-2010-2598

2010-07-0212:43:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-2598

libtiff

red hat enterprise linux

rhel 3

x86_64

denial of service

crafted tiff

nvd

6.1 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to “downsampled OJPEG input.”

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq3
redhat:enterprise_linuxredhat enterprise linuxeq3.0

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	3
redhat:enterprise_linux	redhat enterprise linux	eq	3.0

References

secunia.com/advisories/40536

www.redhat.com/support/errata/RHSA-2010-0520.html

www.vupen.com/english/advisories/2010/1761

bugzilla.redhat.com/show_bug.cgi?id=583081

6.1 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2010-2598

veracode1 debiancve1 prion1 ubuntucve1 nessus6 openvas8 centos1 redhat1 ubuntu2