
CVE-2009-5022 – IrfanView - '.TIF' Image Decompression Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-5022
03 May 2011 — Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. • https://www.exploit-db.com/exploits/22681 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2010-4665 – libtiff tiffdump integer overflow
https://notcve.org/view.php?id=CVE-2010-4665
03 May 2011 — Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. • http://bugzilla.maptools.org/show_bug.cgi?id=2218 • CWE-189: Numeric Errors • CWE-190: Integer Overflow or Wraparound

CVE-2011-1167 – Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1167
21 Mar 2011 — Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. • http://blackberry.com/btsc/KB27244 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2010-3087
https://notcve.org/view.php?id=CVE-2010-3087
28 Sep 2010 — LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. • http://blackberry.com/btsc/KB27244 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2010-2630 – LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2630
06 Jul 2010 — The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. • https://www.exploit-db.com/exploits/34278 • CWE-20: Improper Input Validation

CVE-2010-2631 – LibTIFF 3.9.4 - Unknown Tag Second Pass Processing Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2631
06 Jul 2010 — LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. • https://www.exploit-db.com/exploits/34279 • CWE-20: Improper Input Validation

CVE-2010-2481 – libtiff: TIFFExtractData out-of-bounds read crash
https://notcve.org/view.php?id=CVE-2010-2481
06 Jul 2010 — The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. • http://bugzilla.maptools.org/show_bug.cgi?id=2210 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read

CVE-2010-2482 – LibTIFF - 'td_stripbytecount' Null Pointer Dereference Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2482
06 Jul 2010 — LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. • https://www.exploit-db.com/exploits/14573

CVE-2010-2483 – libtiff: out-of-bounds read crash on images with invalid SamplesPerPixel values
https://notcve.org/view.php?id=CVE-2010-2483
06 Jul 2010 — The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. • http://bugzilla.maptools.org/show_bug.cgi?id=2216 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read

CVE-2010-2233
https://notcve.org/view.php?id=CVE-2010-2233
01 Jul 2010 — tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." • http://bugzilla.maptools.org/show_bug.cgi?id=2207 • CWE-20: Improper Input Validation