CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 2CVE-2022-22844 – libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c
https://notcve.org/view.php?id=CVE-2022-22844
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. LibTIFF versión 4.3.0, presenta una lectura fuera de límites en la función _TIFFmemcpy en el archivo tif_unix.c en determinadas situaciones que implican una etiqueta personalizada y 0x0200 como la segunda palabra del campo DE A buffer overflow vulnerability was found in libtiff. This flaw allows an attacker with network access to pass specially crafted files, causing an application to halt or crash. The root cause of this issue was from the memcpy function in tif_unix.c. • https://gitlab.com/libtiff/libtiff/-/issues/355 https://gitlab.com/libtiff/libtiff/-/merge_requests/287 https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html https://security.gentoo.org/glsa/202210-10 https://security.netapp.com/advisory/ntap-20220311-0002 https://www.debian.org/security/2022/dsa-5108 https://access.redhat.com/security/cve/CVE-2022-22844 https://bugzilla.redhat.com/show_bug.cgi?id=2042603 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-19144
https://notcve.org/view.php?id=CVE-2020-19144
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. Un desbordamiento del búfer en LibTiff versión v4.0.10, permite a atacantes causar una denegación de servicio por medio de la función "in _TIFFmemcpy" en el componente "tif_unix.c" • http://bugzilla.maptools.org/show_bug.cgi?id=2852 https://gitlab.com/libtiff/libtiff/-/issues/159 https://lists.debian.org/debian-lts-announce/2021/10/msg00004.html https://security.netapp.com/advisory/ntap-20211004-0005 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-19143
https://notcve.org/view.php?id=CVE-2020-19143
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'. Un desbordamiento del búfer en LibTiff versión v4.0.10, permite a atacantes causar una denegación de servicio por medio de la función "TIFFVGetField" en el componente "libtiff/tif_dir.c" • http://bugzilla.maptools.org/show_bug.cgi?id=2851 https://gitlab.com/libtiff/libtiff/-/issues/158 https://gitlab.com/libtiff/libtiff/-/merge_requests/119 https://security.netapp.com/advisory/ntap-20211004-0005 https://www.debian.org/security/2021/dsa-4997 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-19131 – libtiff: a buffer overflow via the "invertImage()" may lead to DoS
https://notcve.org/view.php?id=CVE-2020-19131
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". Un desbordamiento del búfer en LibTiff versión v4.0.10, permite a atacantes causar una denegación de servicio por medio de la función "invertImage()" en el componente "tiffcrop" The libtiff package is susceptible to a heap/buffer overflow via the "invertImage()" which may lead to a DoS. The highest threat from this vulnerability is to system availability. • http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elibtiff%E4%B8%ADinvertimage%E5%87%BD%E6%95%B0%E5%A0%86%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E7%9A%84%E5%88%86%E6%9E%90 http://bugzilla.maptools.org/show_bug.cgi?id=2831 https://lists.debian.org/debian-lts-announce/2021/10/msg00004.html https://access.redhat.com/security/cve/CVE-2020-19131 https://bugzilla.redhat.com/show_bug.cgi?id=2004031 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-35524 – libtiff: Heap-based buffer overflow in TIFF2PDF tool
https://notcve.org/view.php?id=CVE-2020-35524
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un error de desbordamiento de búfer en la región heap de la memoria en libtiff en el manejo de imágenes TIFF en la herramienta TIFF2PDF de libtiff. Un archivo TIFF especialmente diseñado puede conllevar a una ejecución de código arbitraria. • https://bugzilla.redhat.com/show_bug.cgi?id=1932044 https://gitlab.com/libtiff/libtiff/-/merge_requests/159 https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22 https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG https://security.gentoo.org/glsa/202104-06 https://security.netapp.com/advisory/ntap-20210521-0009 https://www.debian.org/se • CWE-787: Out-of-bounds Write •