CVE-2012-2088 – libtiff: Type conversion flaw leading to heap-buffer overflow
https://notcve.org/view.php?id=CVE-2012-2088
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. Error de signo de entero en la función TIFFReadDirectory en tif_dirread.c en libtiff v3.9.4 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código arbitrario a través de una profundidad en una imagen TIFF, lo que provoca una inadecuada conversión entre los tipos de signo y sin signo, dando lugar a un desbordamiento de búfer basado en memoria dinámica. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html http://rhn.redhat.com/errata/RHSA-2012-1054.html http://secunia.com/advisories/49686 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://support.apple.com/kb/HT6162 http://support.apple.com/kb/HT6163 http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 http://www.securityfocus. • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVE-2012-2113 – libtiff: integer overflow in tiff2pdf leading to heap-buffer overflow when reading a tiled tiff file
https://notcve.org/view.php?id=CVE-2012-2113
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Múltiples desbordamientos de enteros en tiff2pdf en libtiff anterior a v4.0.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de una elaborada imagen TIFF, lo que provoca un desbordamiento de búfer basado en memoria dinámica • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html http://rhn.redhat.com/errata/RHSA-2012-1054.html http://secunia.com/advisories/49493 http://secunia.com/advisories/49686 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.debian.org/security/2012/dsa-2552 http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 http://www.remotesensing.org/libtiff/v4.0.2.html http://www.securityfocus.com/bid/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVE-2010-4665 – libtiff tiffdump integer overflow
https://notcve.org/view.php?id=CVE-2010-4665
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. Desbordamiento de enteros en la función ReadDirectory en tiffdump.c en tiffdump en LibTIFF antes de v3.9.5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener un impacto no especificado a través de un archivo TIFF debidamente modificado que contiene una estructura de directorios de datos con muchas entradas de directorio. • http://bugzilla.maptools.org/show_bug.cgi?id=2218 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://openwall.com/lists/oss-security/2011/04/12/10 http://secunia.com/advisories/44271 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://ubuntu.com/usn/usn-1416-1 http://www.debian.org/security/2012/dsa-2552 http://www& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2009-5022 – IrfanView - '.TIF' Image Decompression Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-5022
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. Desbordamiento de búfer basado en memoria dinámica en tif_ojpeg.c en el decodificador OJPEG en LibTIFF anterior a v3.9.5 permite a atacantes remotos ejecutar código arbitrario mediante un fichero TIFF manipulado. • https://www.exploit-db.com/exploits/22681 http://bugzilla.maptools.org/show_bug.cgi?id=1999 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html http://openwall.com/lists/oss-security/2011/04/12/10 http://secunia.com/advisories/44271 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://securitytracker.com/id?1025380 http://www.debian.org/security/2011/dsa-2256 http://www.mandriva.com/security/advisories? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1167 – Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1167
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. Desbordamiento de búfer basado en memoria dinámica en el decodificador Thunder (tambien conocido por ThunderScan) en tif_thunder.c de LibTIFF v3.9.4 y anteriores ,permite a atacantes remotos causar una denegación de servicio (cuelgue) o ejecutar código arbitrario a través de datos manipulados con THUNDER_2BITDELTAS en un fichero .tiff con un valor de BitsPerSample inesperado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of libtiff. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the ThunderDecode codec. While decoding a particular code within a row, the decoder will fail to accommodate for the total expanded size of the row. • http://blackberry.com/btsc/KB27244 http://bugzilla.maptools.org/show_bug.cgi?id=2300 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html http://lists.opensuse.org/opensuse& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •