CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-9937
https://notcve.org/view.php?id=CVE-2017-9937
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. En LibTIFF 4.0.8, hay una fallo en la asignación de memoria en el archivo tif_jbig.c. Un documento TIFF manipulado puede resultar en la aborción que lleva a un ataque de denegación de servicio. • http://bugzilla.maptools.org/show_bug.cgi?id=2707 http://www.securityfocus.com/bid/99304 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2017-9935
https://notcve.org/view.php?id=CVE-2017-9935
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. En LibTIFF 4.0.8, hay un buffer overflow basado en el heap en la función t2p_write_pfd en el archivo tools/tiff2pdf.c. • http://bugzilla.maptools.org/show_bug.cgi?id=2704 http://www.securityfocus.com/bid/99296 https://lists.debian.org/debian-lts-announce/2017/12/msg00008.html https://usn.ubuntu.com/3606-1 https://www.debian.org/security/2018/dsa-4100 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 1CVE-2017-9936 – LibTIFF - 'tif_jbig.c' Denial of Service
https://notcve.org/view.php?id=CVE-2017-9936
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. En LibTIFF 4.0.8, hay una fuga de memoria en el archivo tif_jbig.c. Un archivo manipulado puede llevar a una fuga de memoria resultante en un ataque de denegación de servicio. LibTIFF versions 4.0.8 and below suffer from a denial of service vulnerability in tif_jbig.c. • https://www.exploit-db.com/exploits/42300 http://bugzilla.maptools.org/show_bug.cgi?id=2706 http://www.debian.org/security/2017/dsa-3903 http://www.securityfocus.com/bid/99300 https://usn.ubuntu.com/3602-1 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9815
https://notcve.org/view.php?id=CVE-2017-9815
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file. En LibTIFF 4.0.7, la función TIFFReadDirEntryLong8Array de libtif/tif_dirread.c hace mal uso de la operación malloc, lo que permite a un atacante remoto causar una denegación de servicio (fuga de memoria dentro de la función _TIFFmalloc en tif_unix.c) mediante un archivo manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2682 http://somevulnsofadlab.blogspot.jp/2017/06/libtiffmemory-leak-in-tiffmalloc.html http://www.securityfocus.com/bid/99235 https://usn.ubuntu.com/3602-1 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-9403
https://notcve.org/view.php?id=CVE-2017-9403
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. Se ha encontrado una vulnerabilidad de filtrado de memoria en LibTIFF 4.0.7 en la función TIFFReadDirEntryLong8Array en tif_dirread.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2689 http://www.debian.org/security/2017/dsa-3903 https://security.gentoo.org/glsa/201709-27 https://usn.ubuntu.com/3602-1 • CWE-772: Missing Release of Resource after Effective Lifetime •