CVE-2015-8668 – libtiff: OOB read in bmp2tiff
https://notcve.org/view.php?id=CVE-2015-8668
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. Desbordamiento de buffer basado en memoria dinámica en la función PackBitsPreEncode en tif_packbits.c en bmp2tiff en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio a través de un campo width grande en una imagen BMP. • http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html http://rhn.redhat.com/errata/RHSA-2016-1546.html http://rhn.redhat.com/errata/RHSA-2016-1547.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/archive/1/537208/100/0/threaded https://security.gentoo.org/glsa/201701-16 https://access.redhat.com/security/cve/CVE-2015-8 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2014-8128
https://notcve.org/view.php?id=CVE-2014-8128
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. LibTIFF versiones anteriores a 4.0.4, como es usado en Apple iOS versiones anteriores a 8.4 y OS X versiones anteriores a 10.10.4 y otros productos, permite a atacantes remotos causar una denegación de servicio (escritura fuera de límites) por medio de una imagen TIFF diseñada. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://openwall.com/lists/oss-security/2015/01/24/15 http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt https://bugzilla.redhat.com/show_bug.cgi?id=1185812 • CWE-787: Out-of-bounds Write •
CVE-2015-1547 – libtiff: use of uninitialized memory in NeXTDecode
https://notcve.org/view.php?id=CVE-2015-1547
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. La función NeXTDecode en tif_next.c en LibTIFF permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no inicializada) a través de una imagen TIFF manipulada, según lo demostrado por libtiff5.tif. • http://openwall.com/lists/oss-security/2015/01/24/16 http://openwall.com/lists/oss-security/2015/02/07/5 http://rhn.redhat.com/errata/RHSA-2016-1546.html http://rhn.redhat.com/errata/RHSA-2016-1547.html http://www.debian.org/security/2016/dsa-3467 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-9655 – libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
https://notcve.org/view.php?id=CVE-2014-9655
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. La función (1) putcontig8bitYCbCr21tile en tif_getimage.c o la función (2) NeXTDecode en tif_next.c in LibTIFF permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no inicializada) a través de una imagen TIFF manipulada, según lo demostrado por libtiff-cvs-1.tif y libtiff-cvs-2.tif. • http://openwall.com/lists/oss-security/2015/02/07/5 http://rhn.redhat.com/errata/RHSA-2016-1546.html http://rhn.redhat.com/errata/RHSA-2016-1547.html http://www.debian.org/security/2015/dsa-3273 http://www.debian.org/security/2016/dsa-3467 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html https://security.gentoo.org/glsa/201701-16 https://access.redhat.com/security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4243 – (gif2tiff): possible heap-based buffer overflow in readgifimage()
https://notcve.org/view.php?id=CVE-2013-4243
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. Desbordamiento de buffer de memoria dinámica en la función readgifimage de la herramienta gif2tiff en libtiff 4.0.3 y anteriores permite a un atacante remoto causar una denegación de servicio (cuelgue) y posiblemente ejecutar código a discrección a través de unos valores ancho y alto manipulados en una imagen GIF. • http://bugzilla.maptools.org/show_bug.cgi?id=2451 http://rhn.redhat.com/errata/RHSA-2014-0223.html http://secunia.com/advisories/54543 http://secunia.com/advisories/54628 http://www.debian.org/security/2013/dsa-2744 http://www.securityfocus.com/bid/62082 https://bugzilla.redhat.com/show_bug.cgi?id=996052 https://security.gentoo.org/glsa/201701-16 https://access.redhat.com/security/cve/CVE-2013-4243 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •