Description
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Exploits (1)
References (3)
Core References
Exploit, Patch x_refsource_confirm
http://bugzilla.maptools.org/show_bug.cgi?id=2210
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201209-02.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50726
Scores
EPSS: 0.0537
EPSS Percentile: 90.2%
Details
CWE: CWE-20
Status: published
Products (1): libtiff/libtiff 3.9.0
Published: Jul 06, 2010
Tracked Since: Feb 18, 2026