Page 16 of 240 results (0.019 seconds)

CVSS: 8.8EPSS: 31%CPEs: 5EXPL: 1

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. Desbordamiento de búfer basado en heap en la función cpSeparateBufToContigBuf en tiffcp.c en LibTIFF versiones 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4. 0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 y 4.0.9 permite a los atacantes remotos causar una denegación de servicio (crash) o posiblemente tener otro impacto no especificado a través de un archivo TIFF crafteado • http://bugzilla.maptools.org/show_bug.cgi?id=2798 https://access.redhat.com/errata/RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:3419 https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html https://usn.ubuntu.com/3906-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2020/dsa-4670 https://access.redhat.com/security/cve/CVE-2018-12900 https://b • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1

The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. La función TIFFWriteDirectorySec() en tif_dirwrite.c en LibTIFF hasta la versión 4.0.9 permite que atacantes remotos provoquen una denegación de servicio (fallo de aserción y cierre inesperado de la aplicación) mediante un archivo manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2795 https://access.redhat.com/errata/RHSA-2019:2053 https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html https://usn.ubuntu.com/3864-1 https://www.debian.org/security/2018/dsa-4349 https://access.redhat.com/security/cve/CVE-2018-10963 https://bugzilla.redhat.com/show_bug.cgi?id=1579058 • CWE-617: Reachable Assertion •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. TIFFClientOpen en tif_unix.c en LibTIFF 3.8.2 tiene fugas de memoria, tal y como queda demostrado con bmp2tiff. • http://bugzilla.maptools.org/show_bug.cgi?id=2790 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1

TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. TIFFWriteScanline en tif_write.c en LibTIFF 3.8.2 tiene una sobrelectura de búfer basada en memoria dinámica (heap), tal y como queda demostrado con bmp2tiff. An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_write.c. An attacker may use this vulnerability to corrupt memory or cause Denial of Service. • http://bugzilla.maptools.org/show_bug.cgi?id=2788 http://www.securityfocus.com/bid/104089 https://access.redhat.com/errata/RHSA-2019:2053 https://usn.ubuntu.com/3906-1 https://usn.ubuntu.com/3906-2 https://access.redhat.com/security/cve/CVE-2018-10779 https://bugzilla.redhat.com/show_bug.cgi?id=1577311 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. LibTIFF 4.0.9 tiene una desreferencia de puntero NULL en la función jpeg_fdct_16x16 del archivo jfdctint.c. ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c. • http://bugzilla.maptools.org/show_bug.cgi?id=2786 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://gitlab.com/libtiff/libtiff/-/issues/128 • CWE-476: NULL Pointer Dereference •