CVE-2017-16232
https://notcve.org/view.php?id=CVE-2017-16232
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.
• http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html
• http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html
• http://seclists.org/fulldisclosure/2018/Dec/32
• http://seclists.org/fulldisclosure/2018/Dec/47
• http://www.openwall.com/lists/oss-security/2017/11/01/11
• http://www.openwall.com/lists/oss-security/2017/11/01/3
• http://www.openwall.com/lists/oss-security/2017&
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2018-19210
https://notcve.org/view.php?id=CVE-2018-19210
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
• http://bugzilla.maptools.org/show_bug.cgi?id=2820
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html
• http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html
• http://www.securityfocus.com/bid/105932
• https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed
• CWE-476: NULL Pointer Dereference
CVE-2018-18661 – libtiff: tiff2bw tool failed memory allocation leads to crash
https://notcve.org/view.php?id=CVE-2018-18661
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
• http://bugzilla.maptools.org/show_bug.cgi?id=2819
• http://www.securityfocus.com/bid/105762
• https://access.redhat.com/errata/RHSA-2019:2053
• https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html
• https://usn.ubuntu.com/3864-1
• https://access.redhat.com/security/cve/CVE-2018-18661
• https://bugzilla.redhat.com/show_bug.cgi?id=1644448
• CWE-121: Stack-based Buffer Overflow
• CWE-476: NULL Pointer Dereference
CVE-2018-18557 – libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
https://notcve.org/view.php?id=CVE-2018-18557
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size.
• https://www.exploit-db.com/exploits/45694
• https://access.redhat.com/errata/RHSA-2019:2053
• https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557
• https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66
• https://gitlab.com/libtiff/libtiff/merge_requests/38
• https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html
• https://security.gentoo.org/glsa/201904-15
• https://usn.ubuntu.com/3864-1
• https://usn.ubuntu.com/3906-2
• https:/&
• CWE-787: Out-of-bounds Write
CVE-2018-17795
https://notcve.org/view.php?id=CVE-2018-17795
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
• http://bugzilla.maptools.org/show_bug.cgi?id=2816
• http://www.securityfocus.com/bid/105445
• https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-17795
• CWE-787: Out-of-bounds Write