
CVE-2010-2630 – LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2630
06 Jul 2010 — The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. • https://www.exploit-db.com/exploits/34278 • CWE-20: Improper Input Validation

CVE-2010-2631 – LibTIFF 3.9.4 - Unknown Tag Second Pass Processing Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2631
06 Jul 2010 — LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. • https://www.exploit-db.com/exploits/34279 • CWE-20: Improper Input Validation

CVE-2010-2481 – libtiff: TIFFExtractData out-of-bounds read crash
https://notcve.org/view.php?id=CVE-2010-2481
06 Jul 2010 — The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. • http://bugzilla.maptools.org/show_bug.cgi?id=2210 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read

CVE-2010-2482 – LibTIFF - 'td_stripbytecount' Null Pointer Dereference Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2482
06 Jul 2010 — LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. • https://www.exploit-db.com/exploits/14573

CVE-2010-2483 – libtiff: out-of-bounds read crash on images with invalid SamplesPerPixel values
https://notcve.org/view.php?id=CVE-2010-2483
06 Jul 2010 — The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. • http://bugzilla.maptools.org/show_bug.cgi?id=2216 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read

CVE-2010-2233
https://notcve.org/view.php?id=CVE-2010-2233
01 Jul 2010 — tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." • http://bugzilla.maptools.org/show_bug.cgi?id=2207 • CWE-20: Improper Input Validation

CVE-2010-2595 – libtiff: Array index error due to improper handling of invalid ReferenceBlackWhite values
https://notcve.org/view.php?id=CVE-2010-2595
01 Jul 2010 — The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." • http://blackberry.com/btsc/KB27244 • CWE-20: Improper Input Validation

CVE-2010-2596 – libtiff: assertion failure on downsampled OJPEG file
https://notcve.org/view.php?id=CVE-2010-2596
01 Jul 2010 — The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." • http://bugzilla.maptools.org/show_bug.cgi?id=2209 • CWE-20: Improper Input Validation

CVE-2010-2597 – libtiff: use of uninitialized values crash
https://notcve.org/view.php?id=CVE-2010-2597
01 Jul 2010 — The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. • http://bugzilla.maptools.org/show_bug.cgi?id=2215 • CWE-20: Improper Input Validation

CVE-2010-2443
https://notcve.org/view.php?id=CVE-2010-2443
24 Jun 2010 — The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function. • http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010