Page 19 of 225 results (0.008 seconds)

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 2

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. En LibTIFF 4.0.9, ocurre un desbordamiento de búfer basado en memoria dinámica (heap) en la función LZWDecodeCompat en tif_lzw.c mediante un archivo TIFF. Esto se demuestra por tiff2ps. • http://bugzilla.maptools.org/show_bug.cgi?id=2780 https://access.redhat.com/errata/RHSA-2019:2053 https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html https://usn.ubuntu.com/3864-1& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 2

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) Una desreferencia de puntero NULL ocurre en la función TIFFPrintDirectory en tif_print.c en LibTIFF versiones 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 Y 4.0.9 al emplear la herramienta tiffinfo para imprimir la información TIFF manipulada. Esta vulnerabilidad es diferente de CVE-2017-18013. (Esto afecta a una parte anterior de la función TIFFPrintDirectory que no había abordado el parche de CVE-2017-18013.) • http://bugzilla.maptools.org/show_bug.cgi?id=2778 https://access.redhat.com/errata/RHSA-2019:2051 https://access.redhat.com/errata/RHSA-2019:2053 https://github.com/xiaoqx/pocs/tree/master/libtiff https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html https:// • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 1

In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. En LibTIFF 4.0.9, hay un consumo no controlado de recursos en la función TIFFSetDirectory de tif_dir.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo tif manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2772 https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html https://usn.ubuntu.com/3602-1 https://usn.ubuntu.com/3606-1 https://www.debian.org/security/2018/dsa-4349 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. LibTIFF 4.0.9 gestiona de manera incorrecta la lectura de archivos TIFF, tal y como demuestra una sobrelectura de búfer basada en memoria dinámica (heap) en la función ReadTIFFImage en coders/tiff.c en GraphicsMagick 1.3.27. • http://bugzilla.maptools.org/show_bug.cgi?id=2500 https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159 https://sourceforge.net/p/graphicsmagick/bugs/540 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. En LibTIFF 4.0.9, existe una desreferencia de puntero NULL en la función TIFFPrintDirectory en tif_print.c, tal y como se demuestra con un cierre inesperado de tiffinfo. • http://bugzilla.maptools.org/show_bug.cgi?id=2770 http://www.securityfocus.com/bid/102345 https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01 https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html https://usn.ubuntu.com/3602-1 https://usn.ubuntu.com/3606-1 https://www.debian.org/security/2018/dsa-4100 • CWE-476: NULL Pointer Dereference •