Page 17 of 252 results (0.023 seconds)

CVSS: 8.8EPSS: 25%CPEs: 7EXPL: 1

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4. 0.8 y 4.0.9 (con JBIG activado) decodifica JBIG de tamaño arbitrario en un buffer, ignorando el tamaño del buffer, lo que lleva a una escritura fuera de límites de tif_jbig.c JBIGDecode libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. • https://www.exploit-db.com/exploits/45694 https://access.redhat.com/errata/RHSA-2019:2053 https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557 https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66 https://gitlab.com/libtiff/libtiff/merge_requests/38 https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html https://security.gentoo.org/glsa/201904-15 https://usn.ubuntu.com/3864-1 https://usn.ubuntu.com/3906-2 https:/& • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1

The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. La función t2p_write_pdf en tiff2pdf.c en LibTIFF versión 4.0.9 y anteriores permite a los atacantes remotos causar una denegación de servicio (desbordamiento del búfer basado en heap y caída de la aplicación) o posiblemente tener otro impacto no especificado a través de un archivo TIFF elaborado, una cuestión similar a CVE-2017-9935 • http://bugzilla.maptools.org/show_bug.cgi?id=2816 http://www.securityfocus.com/bid/105445 https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-17795 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. Se ha descubierto un problema en LibTIFF 4.0.9. Hay un desbordamiento de int32 en multiply_ms en tools ppm2tiff.c que puede provocar una denegación de servicio (cierre inesperado) o, posiblemente, otro tipo de impacto sin especificar mediante un archivo de imagen manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2810 https://access.redhat.com/errata/RHSA-2019:2053 https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html https://usn.ubuntu.com/3864-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2020/dsa-4670 https://access.redhat.com/security/cve/CVE-2018-17100 https://bugzilla.redhat.com/show_bug.cgi?id=16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. Se ha descubierto un problema en LibTIFF 4.0.9. Hay dos escrituras fuera de límites en cpTags en tools tiff2bw.c y tools pal2rgb.c que pueden provocar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, otro tipo de impacto sin especificar mediante un archivo de imagen manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2807 http://www.securityfocus.com/bid/105370 https://access.redhat.com/errata/RHSA-2019:2053 https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577 https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html https://usn.ubuntu.com/3864-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2018/dsa-4349 https://access.redhat.com/security/cve/CVE-2018-17101 https:&#x • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp. Una desreferencia de puntero NULL en la función _TIFFmemcmp en tif_unix.c (llamado desde TIFFWriteDirectoryTagTransferfunction) en LibTIFF 4.0.9 permite que un atacante provoque una denegación de servicio (DoS) mediante un archivo TIFF manipulado. La vulnerabilidad puede ser desencadenada por el ejecutable tiffcp. • http://bugzilla.maptools.org/show_bug.cgi?id=2811 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html http://www.securityfocus.com/bid/105342 https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html https://usn.ubuntu.com/3906-1 https://www.debian.org/security/2020/dsa-4670 • CWE-476: NULL Pointer Dereference •