CVSS: 8.8EPSS: 31%CPEs: 5EXPL: 1CVE-2018-12900 – libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution
https://notcve.org/view.php?id=CVE-2018-12900
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. Desbordamiento de búfer basado en heap en la función cpSeparateBufToContigBuf en tiffcp.c en LibTIFF versiones 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4. 0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 y 4.0.9 permite a los atacantes remotos causar una denegación de servicio (crash) o posiblemente tener otro impacto no especificado a través de un archivo TIFF crafteado • http://bugzilla.maptools.org/show_bug.cgi?id=2798 https://access.redhat.com/errata/RHSA-2019:2053 https://access.redhat.com/errata/RHSA-2019:3419 https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900 https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html https://usn.ubuntu.com/3906-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2020/dsa-4670 https://access.redhat.com/security/cve/CVE-2018-12900 https://b • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-10963 – libtiff: reachable assertion in TIFFWriteDirectorySec function in tif_dirwrite.c
https://notcve.org/view.php?id=CVE-2018-10963
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. La función TIFFWriteDirectorySec() en tif_dirwrite.c en LibTIFF hasta la versión 4.0.9 permite que atacantes remotos provoquen una denegación de servicio (fallo de aserción y cierre inesperado de la aplicación) mediante un archivo manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2795 https://access.redhat.com/errata/RHSA-2019:2053 https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html https://usn.ubuntu.com/3864-1 https://www.debian.org/security/2018/dsa-4349 https://access.redhat.com/security/cve/CVE-2018-10963 https://bugzilla.redhat.com/show_bug.cgi?id=1579058 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10126
https://notcve.org/view.php?id=CVE-2018-10126
LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. LibTIFF 4.0.9 tiene una desreferencia de puntero NULL en la función jpeg_fdct_16x16 del archivo jfdctint.c. ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c. • http://bugzilla.maptools.org/show_bug.cgi?id=2786 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://gitlab.com/libtiff/libtiff/-/issues/128 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 2CVE-2018-8905 – libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service
https://notcve.org/view.php?id=CVE-2018-8905
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. En LibTIFF 4.0.9, ocurre un desbordamiento de búfer basado en memoria dinámica (heap) en la función LZWDecodeCompat en tif_lzw.c mediante un archivo TIFF. Esto se demuestra por tiff2ps. • http://bugzilla.maptools.org/show_bug.cgi?id=2780 https://access.redhat.com/errata/RHSA-2019:2053 https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html https://usn.ubuntu.com/3864-1& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 2CVE-2018-7456 – libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service
https://notcve.org/view.php?id=CVE-2018-7456
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) Una desreferencia de puntero NULL ocurre en la función TIFFPrintDirectory en tif_print.c en LibTIFF versiones 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 Y 4.0.9 al emplear la herramienta tiffinfo para imprimir la información TIFF manipulada. Esta vulnerabilidad es diferente de CVE-2017-18013. (Esto afecta a una parte anterior de la función TIFFPrintDirectory que no había abordado el parche de CVE-2017-18013.) • http://bugzilla.maptools.org/show_bug.cgi?id=2778 https://access.redhat.com/errata/RHSA-2019:2051 https://access.redhat.com/errata/RHSA-2019:2053 https://github.com/xiaoqx/pocs/tree/master/libtiff https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html https:// • CWE-476: NULL Pointer Dereference •