CVE-2010-2631: Input Validation
First published: Tue Jul 06 2010(Updated: )
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tiff | =3.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-2631?
CVE-2010-2631 has a severity rating that indicates it can lead to a denial of service by causing an application crash.
How do I fix CVE-2010-2631?
To fix CVE-2010-2631, you should update to a patched version of LibTIFF that addresses this vulnerability.
What versions of LibTIFF are affected by CVE-2010-2631?
CVE-2010-2631 specifically affects LibTIFF version 3.9.0.
Can CVE-2010-2631 be exploited remotely?
Yes, CVE-2010-2631 can be exploited remotely via crafted TIFF files.
What kind of attack is associated with CVE-2010-2631?
CVE-2010-2631 is associated with denial of service attacks that result in application crashes.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/libtiff
- canonical/tiff
- version/tiff/3.9.0