{"url":"http://public2.vulnerablecode.io/api/packages/184693?format=json","purl":"pkg:rpm/redhat/libtiff@3.5.7-34?arch=el3","type":"rpm","namespace":"redhat","name":"libtiff","version":"3.5.7-34","qualifiers":{"arch":"el3"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102726?format=json","vulnerability_id":"VCID-hcaj-3gt6-c7hg","summary":"LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to \"downsampled OJPEG input.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2598.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2598.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2598","reference_id":"","reference_type":"","scores":[{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69398","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69437","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69445","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69436","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69424","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2598"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=610786","reference_id":"610786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=610786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0520","reference_id":"RHSA-2010:0520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0520"},{"reference_url":"https://usn.ubuntu.com/1085-1/","reference_id":"USN-1085-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1085-1/"}],"fixed_packages":[],"aliases":["CVE-2010-2598"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hcaj-3gt6-c7hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102716?format=json","vulnerability_id":"VCID-yq53-171e-nye4","summary":"Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1411.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1411.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1411","reference_id":"","reference_type":"","scores":[{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73439","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73445","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73431","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73418","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=592361","reference_id":"592361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=592361"},{"reference_url":"https://security.gentoo.org/glsa/201209-02","reference_id":"GLSA-201209-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201209-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0519","reference_id":"RHSA-2010:0519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0519"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0520","reference_id":"RHSA-2010:0520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0520"},{"reference_url":"https://usn.ubuntu.com/954-1/","reference_id":"USN-954-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/954-1/"}],"fixed_packages":[],"aliases":["CVE-2010-1411"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yq53-171e-nye4"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libtiff@3.5.7-34%3Farch=el3"}