CVE-2010-2631

LibTIFF 3.9.0 - Denial of Service via Crafted TIFF File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2631. PoCs published by Tom Lane.

AI-analyzed exploit summary The provided entry describes a denial-of-service vulnerability in LibTIFF due to improper input validation. The exploit is referenced as a malicious TIFF file that can crash applications using the library.

Description

LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tom Lane · textdoslinux

https://www.exploit-db.com/exploits/34279

View Code ZIP pw:eip

The provided entry describes a denial-of-service vulnerability in LibTIFF due to improper input validation. The exploit is referenced as a malicious TIFF file that can crash applications using the library.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: LibTIFF (version not specified)

No auth needed

Prerequisites: A vulnerable version of LibTIFF · Ability to deliver a malicious TIFF file to the target application

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Patch x_refsource_confirm

http://bugzilla.maptools.org/show_bug.cgi?id=2210

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201209-02.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50726

Scores

EPSS 0.0288

EPSS Percentile 85.1%

Details

CWE

CWE-20

Status published

Products (1)

libtiff/libtiff 3.9.0

Published Jul 06, 2010

Tracked Since Feb 18, 2026