CVE-2010-2630

LibTIFF - Improper Input Validation


Description

The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tom Lane · text · dos · linux
https://www.exploit-db.com/exploits/34278

References (5)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2552
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201209-02.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50726

Scores

EPSS 0.0394
EPSS Percentile 88.4%

Details

CWE
CWE-20
Status published
Products (1)
libtiff/libtiff 3.9.0
Published Jul 06, 2010
Tracked Since Feb 18, 2026