Vulnerability Details : CVE-2010-2598
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-2598
Probability of exploitation activity in the next 30 days: 0.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 76 %
CVSS scores for CVE-2010-2598
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
CWE ids for CVE-2010-2598
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2598
- https://bugzilla.redhat.com/show_bug.cgi?id=583081
  583081 – Assorted libtiff failures on downsampled OJPEG input (Exploit)
- http://www.redhat.com/support/errata/RHSA-2010-0520.html
  Support (Not Applicable)
- http://www.vupen.com/english/advisories/2010/1761
  Webmail | OVH- OVH (Broken Link)
Products affected by CVE-2010-2598
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3:ga:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3:ga:desktop:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3:ga:es:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3:ga:ws:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3:ga:as:*:*:*:*:*