Page 19 of 100 results (0.016 seconds)

CVSS: 6.8EPSS: 3%CPEs: 58EXPL: 0

Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. Desbordamiento de búfer basado en memoria dinámica en tif_pixarlog.c en libtiff antes de v4.0.3 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código arbitrario a través de una imagen TIFF manipulada utilizando el formato PixarLog Compression. • http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html http://rhn.redhat.com/errata/RHSA-2012-1590.html http://secunia.com/advisories/49938 http://secunia.com/advisories/51049 http://www.debian.org/security/2012/dsa-2561 http://www.openwall.com/lists/oss-security/2012/09/25/14 http://www.openwall.com/lists/oss-security/2012/09/25/9 http://www.remotesensing.org/libtiff/v4.0.3.html http://www.securityfocus.com/bid/55673 http://www.ubuntu.com/usn&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 6.8EPSS: 0%CPEs: 57EXPL: 0

The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. La función t2p_read_tiff_init en tiff2pdf (tools/tiff2pdf.c) en libTIFF v4.0.2 y versiones anteriores no inicializa correctamente el puntero de la estructura de contexto T2P en determinadas condiciones de error, lo que permite causar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a atacantes dependientes de contexto a través de una imagen TIFF debidamente modificada que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html http://osvdb.org/84090 http://rhn.redhat.com/errata/RHSA-2012-1590.html http://secunia.com/advisories/49938 http://secunia.com/advisories/50007 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.debian.org/security/2012/dsa-2552 http://www.mandriva.com/security/advisories?name= • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.5EPSS: 7%CPEs: 47EXPL: 0

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. Error de signo de entero en la función TIFFReadDirectory en tif_dirread.c en libtiff v3.9.4 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código arbitrario a través de una profundidad en una imagen TIFF, lo que provoca una inadecuada conversión entre los tipos de signo y sin signo, dando lugar a un desbordamiento de búfer basado en memoria dinámica. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html http://rhn.redhat.com/errata/RHSA-2012-1054.html http://secunia.com/advisories/49686 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://support.apple.com/kb/HT6162 http://support.apple.com/kb/HT6163 http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 http://www.securityfocus. • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 4%CPEs: 56EXPL: 0

Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Múltiples desbordamientos de enteros en tiff2pdf en libtiff anterior a v4.0.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de una elaborada imagen TIFF, lo que provoca un desbordamiento de búfer basado en memoria dinámica • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html http://rhn.redhat.com/errata/RHSA-2012-1054.html http://secunia.com/advisories/49493 http://secunia.com/advisories/49686 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.debian.org/security/2012/dsa-2552 http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 http://www.remotesensing.org/libtiff/v4.0.2.html http://www.securityfocus.com/bid/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 0

Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. Múltiples desbordamientos de entero en v3.9.4 permite a atacantes remotos ejecutar código a través de un tamaño del "tile" manipulado, que no es gestionado de forma adecuada por las funciones (1) gtTileSeparate o (2) gtStripSeparate, produciendo un desbordamiento de memoria dinámica. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LibTIFF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LibTIFF Library and occurs when the application attempts to allocate space for a tile. When calculating the size for a buffer, the library will perform a multiply which can cause an integer overflow. • http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff http://bugzilla.maptools.org/show_bug.cgi?id=2369 http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html http://lists& • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •