Vulnerability CVE-2010-2443 - CERT Civis.Net

Vulnerability Name:

CVE-2010-2443 (CCN-59766)

Assigned:

2010-06-11

Published:

2010-06-11

Updated:

2013-05-15

Summary:

The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
Per: http://cwe.mitre.org/data/definitions/476.html

'CWE-476: NULL Pointer Dereference'

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: Sun Security Blog 24 Jan 2011
CVE-2010-2065 CVE-2010-2443 Integer Overflow and DoS Vulnerabilities in libtiff

Source: CONFIRM
Type: UNKNOWN
http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010

Source: MITRE
Type: CNA
CVE-2010-2443

Source: MLIST
Type: UNKNOWN
[oss-security] 20100624 Re: CVE requests: LibTIFF

Source: MLIST
Type: UNKNOWN
[oss-security] 20100629 Re: CVE requests: LibTIFF

Source: CCN
Type: SA41800
Sun Solaris LibTIFF Multiple Vulnerabilities

Source: CCN
Type: SA41876
Sun Solaris LibTIFF Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
50726

Source: GENTOO
Type: UNKNOWN
GLSA-201209-02

Source: CCN
Type: OSVDB ID: 65795
LibTIFF OJPEG File Handling Unspecified DoS

Source: CCN
Type: OSVDB ID: 66083
LibTIFF td_stripbytecount Field Handling Weakness Crafted TIFF File DoS

Source: CCN
Type: LibTIFF Web site
TIFF CHANGE INFORMATION

Source: CONFIRM
Type: UNKNOWN
http://www.remotesensing.org/libtiff/v3.9.3.html

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0204

Source: CONFIRM
Type: UNKNOWN
https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145

Source: XF
Type: UNKNOWN
libtiff-ojpeg-dos(59766)

Vulnerable Configuration:

Configuration 1:

cpe:/a:libtiff:libtiff:3.4:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.9:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*

OR cpe:/a:libtiff:libtiff:*:*:*:*:*:*:*:* (Version <= 3.9.2)

Configuration CCN 1:

cpe:/a:remotesensing:libtiff:3.9.1:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.9.0:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.9.0:beta:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.8.2:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.8.1:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.8.0:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.7.4:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.7.3:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.7.2:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.7.1:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.7.0:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.7.0:alpha:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.7.0:beta:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.7.0:beta2:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.6.1:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.6.0:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.6.0:beta:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.6.0:beta2:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.7:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.7:beta:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.7:alpha:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.7:alpha2:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.7:alpha3:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.7:alpha4:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.6:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.6:beta:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.5:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.4:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.3:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.2:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.5.1:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:*:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:beta18:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:beta24:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:beta28:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:beta29:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:beta31:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:beta32:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:beta34:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:beta35:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:beta36:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.4:beta37:*:*:*:*:*:*

OR cpe:/a:remotesensing:libtiff:3.9.2:*:*:*:*:*:*:*

AND

cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*

OR cpe:/o:oracle:solaris:8:*:*:*:*:*:*:*

OR cpe:/o:oracle:solaris:9:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

Denotes that component is vulnerable