CVE-2010-2630

libtiff - Denial of Service via Malformed TIFF File

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2630. PoCs published by Tom Lane.

AI-analyzed exploit summary: The provided text describes a denial-of-service vulnerability in LibTIFF due to improper input validation. It references an external source (SecurityFocus) and a binary exploit file (34279.tif) but does not contain executable code.

Description

The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by Tom Lane · text · dos · linux
https://www.exploit-db.com/exploits/34278

Classification
Writeup: 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Theoretical
Target: LibTIFF (version not specified)
No auth needed
Prerequisites: A vulnerable version of LibTIFF · Ability to deliver a malformed TIFF file to the target application
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2552
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201209-02.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50726

Scores

EPSS: 0.0495
EPSS Percentile: 91.1%

Details

CWE: CWE-20
Status: published
Products (1): libtiff/libtiff 3.9.0
Published: Jul 06, 2010
Tracked Since: Feb 18, 2026