CVE-2016-9297
https://notcve.org/view.php?id=CVE-2016-9297
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. • http://bugzilla.maptools.org/show_bug.cgi?id=2590 http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/11/12/2 http://www.openwall.com/lists/oss-security/2016/11/14/7 http://www.securityfocus.com/bid/94419 https://security.gentoo.org/glsa/201701-16 • CWE-125: Out-of-bounds Read
CVE-2016-9273
https://notcve.org/view.php?id=CVE-2016-9273
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. • http://bugzilla.maptools.org/show_bug.cgi?id=2587 http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/11/09/20 http://www.openwall.com/lists/oss-security/2016/11/11/6 http://www.securityfocus.com/bid/94271 https://security.gentoo.org/glsa/201701-16 • CWE-125: Out-of-bounds Read
CVE-2016-5652 – libtiff: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. The vulnerability can be triggered via a saved TIFF file delivered by other means. • http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/93902 http://www.talosintelligence.com/reports/TALOS-2016-0187 https://security.gentoo.org/glsa/201701-16 https://access.redhat.com/security/cve/CVE-2016-5652 https://bugzilla.redhat.com/show_bug.cgi?id=1389222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow
CVE-2015-8870 – libtiff: Integer overflow in tools/bmp2tiff.c
https://notcve.org/view.php?id=CVE-2015-8870
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. • http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.floyd.ch/?p=874BMP http://www.securityfocus.com/bid/94717 https://access.redhat.com/security/cve/CVE-2015-8870 https://bugzilla.redhat.com/show_bug.cgi?id=1402778 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound
CVE-2016-9538
https://notcve.org/view.php?id=CVE-2016-9538
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. • http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/94484 http://www.securityfocus.com/bid/94753 https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f • CWE-190: Integer Overflow or Wraparound