CVSS: 8.8EPSS: 8%CPEs: 1EXPL: 3CVE-2017-17095 – LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-17095
02 Dec 2017 — tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. tools/pal2rgb.c en pal2rgb en LibTIFF 4.0.7 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap de TIFFSetupStrips y cierre inesperado de la aplicación) o, probablemente, causen otros impactos no especificad... • https://packetstorm.news/files/id/145357 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13726 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-13726
29 Aug 2017 — There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función TIFFWriteDirectorySec() en LibTIFF 4.0.8 en relación con tif_dirwrite.c y una etiqueta SubIFD. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. It was discovered that LibTIFF incorrectly handled cer... • http://bugzilla.maptools.org/show_bug.cgi?id=2727 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13727 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-13727
29 Aug 2017 — There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función TIFFWriteDirectoryTagSubifd() en LibTIFF 4.0.8 en relación con tif_dirwrite.c y una etiqueta SubIFD. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. It was discovered that LibTIFF incorrectly... • http://bugzilla.maptools.org/show_bug.cgi?id=2728 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12944 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-12944
18 Aug 2017 — The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. La función TIFFReadDirEntryArray en tif_read.c en LibTIFF 4.0.8 maneja incorrectamente la asignación de memoria para archivos pequeños, lo que permite a los atacantes remotos provocar una denegación de servicio en l... • http://bugzilla.maptools.org/show_bug.cgi?id=2725 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11613 – Debian Security Advisory 4349-1
https://notcve.org/view.php?id=CVE-2017-11613
26 Jul 2017 — In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. • http://www.securityfocus.com/bid/99977 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11335 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-11335
16 Jul 2017 — There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. Se presenta un desbordamiento de búfer en la región heap de la memoria en el archivo tools/tiff2pdf.c de LibTIFF versión 4.0.8 por medio de una imagen PlanarConfig=Contig, que causa una escr... • http://bugzilla.maptools.org/show_bug.cgi?id=2715 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2CVE-2017-10688 – LibTIFF - 'tif_dirwrite.c' Denial of Service
https://notcve.org/view.php?id=CVE-2017-10688
29 Jun 2017 — In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. En LibTIFF versión 4.0.8, se presenta un abortado de aserción en la función TIFFWriteDirectoryTagCheckedLong8Array del archivo tif_dirwrite.c. Una entrada especialmente diseñada conllevará a un ataque de denegación de servicio remoto. It was discovered that LibTIFF incorrectly handled certain malformed images. • https://packetstorm.news/files/id/143265 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2017-9935 – Debian Security Advisory 4100-1
https://notcve.org/view.php?id=CVE-2017-9935
26 Jun 2017 — In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. En LibTIFF 4.0.8, hay un buffer overflow basado en el heap en la funció... • http://bugzilla.maptools.org/show_bug.cgi?id=2704 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 4%CPEs: 6EXPL: 2CVE-2017-9936 – LibTIFF - 'tif_jbig.c' Denial of Service
https://notcve.org/view.php?id=CVE-2017-9936
26 Jun 2017 — In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. En LibTIFF 4.0.8, hay una fuga de memoria en el archivo tif_jbig.c. Un archivo manipulado puede llevar a una fuga de memoria resultante en un ataque de denegación de servicio. It was discovered that LibTIFF incorrectly handled certain malformed images. • https://packetstorm.news/files/id/143266 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-9937 – Ubuntu Security Notice USN-5742-1
https://notcve.org/view.php?id=CVE-2017-9937
26 Jun 2017 — In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. En LibTIFF 4.0.8, hay una fallo en la asignación de memoria en el archivo tif_jbig.c. Un documento TIFF manipulado puede resultar en la aborción que lleva a un ataque de denegación de servicio. It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. • http://bugzilla.maptools.org/show_bug.cgi?id=2707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •