CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17546 – libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c
https://notcve.org/view.php?id=CVE-2019-17546
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. El archivo tif_getimage.c en LibTIFF versiones hasta 4.0.10, como es usado en GDAL hasta 3.0.1 y otros productos, presenta un desbordamiento de enteros que causa potencialmente un desbordamiento de búfer en la región heap de la memoria por medio de una imagen RGBA diseñada, relacionada con una condición "Negative-size-param". • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443 https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX https://lists.fedoraproject.org/archives/list/package • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2019-14973 – libtiff: integer overflow in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c
https://notcve.org/view.php?id=CVE-2019-14973
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5 y 10.2.0.3, presentan un impacto desconocido y vectores de ataque remotos no autenticados o autenticados relacionados con (1) SYS. DBMS_AQ en el componente Advanced Queue Server, también se conoce como DB01; (2) Core RDBMS, también se conoce como DB03; (3) SDO_GEOM en Oracle Spatial, también se conoce como DB06; (4) Export, también se conoce como DB12; y (5) DBMS_STATS en el Query Optimizer , también se conoce como DB13. NOTA: la información anterior fue obtenida de la CPU de Oracle. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00102.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00023.html http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html https://gitlab.com/libtiff/libtiff/merge_requests/90 https://lists.debian.org/debian-lts-announce/2019/08/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63BVT6N5KQPHWOWM4B3I7Z3ODBXUVNPS https://lists.fedoraproject.org/archiv • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19210
https://notcve.org/view.php?id=CVE-2018-19210
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. En LibTIFF 4.0.9, hay una desreferencia de puntero NULL en la función TIFFWriteDirectorySec en tif_dirwrite.c que conducirá a un ataque de denegación de servicio (DoS), tal y como queda demostrado con tiffset. • http://bugzilla.maptools.org/show_bug.cgi?id=2820 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html http://www.securityfocus.com/bid/105932 https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-18661 – libtiff: tiff2bw tool failed memory allocation leads to crash
https://notcve.org/view.php?id=CVE-2018-18661
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. Se ha descubierto un problema en LibTIFF 4.0.9. Hay una desreferencia de puntero NULL en la función LZWDecode en tif_lzw.c. • http://bugzilla.maptools.org/show_bug.cgi?id=2819 http://www.securityfocus.com/bid/105762 https://access.redhat.com/errata/RHSA-2019:2053 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html https://usn.ubuntu.com/3864-1 https://access.redhat.com/security/cve/CVE-2018-18661 https://bugzilla.redhat.com/show_bug.cgi?id=1644448 • CWE-121: Stack-based Buffer Overflow CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 25%CPEs: 7EXPL: 1CVE-2018-18557 – libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
https://notcve.org/view.php?id=CVE-2018-18557
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4. 0.8 y 4.0.9 (con JBIG activado) decodifica JBIG de tamaño arbitrario en un buffer, ignorando el tamaño del buffer, lo que lleva a una escritura fuera de límites de tif_jbig.c JBIGDecode libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. • https://www.exploit-db.com/exploits/45694 https://access.redhat.com/errata/RHSA-2019:2053 https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557 https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66 https://gitlab.com/libtiff/libtiff/merge_requests/38 https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html https://security.gentoo.org/glsa/201904-15 https://usn.ubuntu.com/3864-1 https://usn.ubuntu.com/3906-2 https:/& • CWE-787: Out-of-bounds Write •