CVE-2010-2598 - OpenCVE

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:3:::::::*
	cpe:2.3:o:redhat:enterprise_linux:3:ga::::::
	cpe:2.3:o:redhat:enterprise_linux:3:ga:as:::::*
	cpe:2.3:o:redhat:enterprise_linux:3:ga:desktop:::::*
	cpe:2.3:o:redhat:enterprise_linux:3:ga:es:::::*
	cpe:2.3:o:redhat:enterprise_linux:3:ga:ws:::::*
	cpe:2.3:o:redhat:enterprise_linux:3.0:::::::*

References

Link	Resource
http://secunia.com/advisories/40536	Permissions Required Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0520.html	Not Applicable
http://www.vupen.com/english/advisories/2010/1761	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=583081	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-07-01T18:00:00

Updated: 2010-07-15T09:00:00

Reserved: 2010-07-01T00:00:00

Link: CVE-2010-2598

JSON object: View

NVD Information

Status : Analyzed

Published: 2010-07-02T12:43:53.080

Modified: 2016-11-08T14:56:50.803

Link: CVE-2010-2598

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to \"downsampled OJPEG input.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-07-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2010-1761", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1761"}, {"name": "RHSA-2010:0520", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0520.html"}, {"name": "40536", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40536"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2598", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to \"downsampled OJPEG input.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2010-1761", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1761"}, {"name": "RHSA-2010:0520", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0520.html"}, {"name": "40536", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40536"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2598", "datePublished": "2010-07-01T18:00:00", "dateReserved": "2010-07-01T00:00:00", "dateUpdated": "2010-07-15T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:3:*:*:*:*:*:*:*", "matchCriteriaId": "444EBE64-D3C8-41E9-8E02-22C6BDA2876B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3:ga:*:*:*:*:*:*", "matchCriteriaId": "3CBD33CE-B3AE-44C6-9E0F-1AA0E72FD609", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3:ga:as:*:*:*:*:*", "matchCriteriaId": "BFDF9897-AE74-4EEA-990A-EF029A317254", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3:ga:desktop:*:*:*:*:*", "matchCriteriaId": "C98BB168-05EA-4801-95D6-7A4D14F3A309", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3:ga:es:*:*:*:*:*", "matchCriteriaId": "5AF0549C-3415-4A3E-8D4D-54439FDA73E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3:ga:ws:*:*:*:*:*", "matchCriteriaId": "56DDBFEB-72F7-478A-BEA2-80BBEC242B9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to \"downsampled OJPEG input.\""}, {"lang": "es", "value": "La libreria LibTIFF de Red Hat Enterprise Linux (RHEL) v3 sobre las plataformas x86_64, tal y como se utiliza en tiff2rgba, intenta de procesar los datos de la imagen incluso cuando la funcionalidad de compresi\u00f3n solicitado no est\u00e1 configurada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una imagen TIFF debidamente modificada. Se trata de una vulnerabilidad relacionada con \"downsampled OJPEG input\"."}], "id": "CVE-2010-2598", "lastModified": "2016-11-08T14:56:50.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-07-02T12:43:53.080", "references": [{"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/40536"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0520.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2010/1761"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}