CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-10779 – libtiff: heap-based buffer over-read in TIFFWriteScanline function in tif_write.c
https://notcve.org/view.php?id=CVE-2018-10779
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. TIFFWriteScanline en tif_write.c en LibTIFF 3.8.2 tiene una sobrelectura de búfer basada en memoria dinámica (heap), tal y como queda demostrado con bmp2tiff. An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_write.c. An attacker may use this vulnerability to corrupt memory or cause Denial of Service. • http://bugzilla.maptools.org/show_bug.cgi?id=2788 http://www.securityfocus.com/bid/104089 https://access.redhat.com/errata/RHSA-2019:2053 https://usn.ubuntu.com/3906-1 https://usn.ubuntu.com/3906-2 https://access.redhat.com/security/cve/CVE-2018-10779 https://bugzilla.redhat.com/show_bug.cgi?id=1577311 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-5360
https://notcve.org/view.php?id=CVE-2018-5360
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. LibTIFF 4.0.9 gestiona de manera incorrecta la lectura de archivos TIFF, tal y como demuestra una sobrelectura de búfer basada en memoria dinámica (heap) en la función ReadTIFFImage en coders/tiff.c en GraphicsMagick 1.3.27. • http://bugzilla.maptools.org/show_bug.cgi?id=2500 https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159 https://sourceforge.net/p/graphicsmagick/bugs/540 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2017-9935
https://notcve.org/view.php?id=CVE-2017-9935
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. En LibTIFF 4.0.8, hay un buffer overflow basado en el heap en la función t2p_write_pfd en el archivo tools/tiff2pdf.c. • http://bugzilla.maptools.org/show_bug.cgi?id=2704 http://www.securityfocus.com/bid/99296 https://lists.debian.org/debian-lts-announce/2017/12/msg00008.html https://usn.ubuntu.com/3606-1 https://www.debian.org/security/2018/dsa-4100 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-9937
https://notcve.org/view.php?id=CVE-2017-9937
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. En LibTIFF 4.0.8, hay una fallo en la asignación de memoria en el archivo tif_jbig.c. Un documento TIFF manipulado puede resultar en la aborción que lleva a un ataque de denegación de servicio. • http://bugzilla.maptools.org/show_bug.cgi?id=2707 http://www.securityfocus.com/bid/99304 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2016-5314
https://notcve.org/view.php?id=CVE-2016-5314
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. Desbordamiento de búfer en la función PixarLogDecode en tif_pixarlog.c en LibTIFF, en versiones 4.0.6 y anteriores, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) u otro tipo de impacto sin especificar mediante una imagen TIFF manipulada. Esto se demuestra sobrescribiendo el puntero de función vgetparent con rgb2ycbcr. • http://bugzilla.maptools.org/show_bug.cgi?id=2554 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html http://www.openwall.com/lists/oss-security/2016/06/15/1 http://www.openwall.com/lists/oss-security/2016/06/15/9 http://www.openwall.com/lists/oss-security/2 • CWE-787: Out-of-bounds Write •