CVE-2010-2233
EPSS 2.4%
Description
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."
How to fix CVE-2010-2233
To remediate CVE-2010-2233, upgrade the affected package to the fixed version listed below.
- Debian/tiff: upgrade to 3.9.4-2 or later
Is CVE-2010-2233 being exploited?
Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/tiff: versions from 0 up to, but not including, 3.9.4-2