CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-15209 – libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
https://notcve.org/view.php?id=CVE-2018-15209
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. ChopUpSingleUncompressedStrip en tif_dirread.c en LibTIFF 4.0.9 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer y caída de aplicación basada en memoria dinámica o heap) o, probablemente, provocar cualquier otro tipo de problema mediante un archivo TIFF manipulado, tal y como queda demostrado con tiff2pdf. • http://bugzilla.maptools.org/show_bug.cgi?id=2808 http://www.securityfocus.com/bid/105092 https://www.debian.org/security/2018/dsa-4349 https://access.redhat.com/security/cve/CVE-2018-15209 https://bugzilla.redhat.com/show_bug.cgi?id=1614051 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 31%CPEs: 5EXPL: 1CVE-2018-12900 – libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution
https://notcve.org/view.php?id=CVE-2018-12900
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. Desbordamiento de búfer basado en heap en la función cpSeparateBufToContigBuf en tiffcp.c en LibTIFF versiones 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4. 0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 y 4.0.9 permite a los atacantes remotos causar una denegación de servicio (crash) o posiblemente tener otro impacto no especificado a través de un archivo TIFF crafteado • http://bugzilla.maptools.org/show_bug.cgi?id=2798 https://access.redhat.com/errata/RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:3419 https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html https://usn.ubuntu.com/3906-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2020/dsa-4670 https://access.redhat.com/security/cve/CVE-2018-12900 https://b • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-10963 – libtiff: reachable assertion in TIFFWriteDirectorySec function in tif_dirwrite.c
https://notcve.org/view.php?id=CVE-2018-10963
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. La función TIFFWriteDirectorySec() en tif_dirwrite.c en LibTIFF hasta la versión 4.0.9 permite que atacantes remotos provoquen una denegación de servicio (fallo de aserción y cierre inesperado de la aplicación) mediante un archivo manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2795 https://access.redhat.com/errata/RHSA-2019:2053 https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html https://usn.ubuntu.com/3864-1 https://www.debian.org/security/2018/dsa-4349 https://access.redhat.com/security/cve/CVE-2018-10963 https://bugzilla.redhat.com/show_bug.cgi?id=1579058 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10126
https://notcve.org/view.php?id=CVE-2018-10126
LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. LibTIFF 4.0.9 tiene una desreferencia de puntero NULL en la función jpeg_fdct_16x16 del archivo jfdctint.c. ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c. • http://bugzilla.maptools.org/show_bug.cgi?id=2786 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://gitlab.com/libtiff/libtiff/-/issues/128 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 2CVE-2018-8905 – libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
https://notcve.org/view.php?id=CVE-2018-8905
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. En LibTIFF 4.0.9, ocurre un desbordamiento de búfer basado en memoria dinámica (heap) en la función LZWDecodeCompat en tif_lzw.c mediante un archivo TIFF. Esto se demuestra por tiff2ps. • http://bugzilla.maptools.org/show_bug.cgi?id=2780 https://access.redhat.com/errata/RHSA-2019:2053 https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html https://usn.ubuntu.com/3864-1& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •