CVSS: 6.8EPSS: 3%CPEs: 61EXPL: 0CVE-2013-4243 – (gif2tiff): possible heap-based buffer overflow in readgifimage()
https://notcve.org/view.php?id=CVE-2013-4243
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. Desbordamiento de buffer de memoria dinámica en la función readgifimage de la herramienta gif2tiff en libtiff 4.0.3 y anteriores permite a un atacante remoto causar una denegación de servicio (cuelgue) y posiblemente ejecutar código a discrección a través de unos valores ancho y alto manipulados en una imagen GIF. • http://bugzilla.maptools.org/show_bug.cgi?id=2451 http://rhn.redhat.com/errata/RHSA-2014-0223.html http://secunia.com/advisories/54543 http://secunia.com/advisories/54628 http://www.debian.org/security/2013/dsa-2744 http://www.securityfocus.com/bid/62082 https://bugzilla.redhat.com/show_bug.cgi?id=996052 https://security.gentoo.org/glsa/201701-16 https://access.redhat.com/security/cve/CVE-2013-4243 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 59EXPL: 0CVE-2013-4244 – (gif2tiff): OOB Write in LZW decompressor
https://notcve.org/view.php?id=CVE-2013-4244
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. El decompresor LZW en la utilidad gif2tiff de libtiff 4.0.3 y anteriores permite a un atacante dependiente de contexto causar una denegación de servicio (escritura fuera de rango y caída) o posiblemente ejecutar código a discrección a través de una imagen GIF manipulada. • http://bugzilla.maptools.org/show_bug.cgi?id=2452 http://rhn.redhat.com/errata/RHSA-2014-0223.html https://bugzilla.redhat.com/show_bug.cgi?id=996468 https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833 https://access.redhat.com/security/cve/CVE-2013-4244 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 4%CPEs: 3EXPL: 0CVE-2013-4232 – (tiff2pdf): use-after-free in t2p_readwrite_pdf_image()
https://notcve.org/view.php?id=CVE-2013-4232
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. Una vulnerabilidad de uso de la memoria previamente liberada en la función t2p_readwrite_pdf_image en el archivo tools/tiff2pdf.c en libtiff versión 4.0.3, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) o posiblemente ejecutar código arbitrario por medio de una imagen TIFF diseñada. • http://bugzilla.maptools.org/show_bug.cgi?id=2449 http://rhn.redhat.com/errata/RHSA-2014-0223.html http://secunia.com/advisories/54543 http://secunia.com/advisories/54628 http://www.asmail.be/msg0055359936.html http://www.debian.org/security/2013/dsa-2744 http://www.openwall.com/lists/oss-security/2013/08/10/2 https://bugzilla.redhat.com/show_bug.cgi?id=995975 https://access.redhat.com/security/cve/CVE-2013-4232 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.3EPSS: 4%CPEs: 49EXPL: 0CVE-2013-1960 – (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()
https://notcve.org/view.php?id=CVE-2013-1960
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. Desbordamiento de búfer basado en memoria dinámica en la función tp_process_jpeg_strip en tiff2pdf en libtiff 4.0.3 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente la ejecución arbitraria de código a través de una imagen TIFF manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html http://rhn.redhat.com/errata/RHSA-2014-0223.html http://seclists.org/oss-sec/2013/q2/254 http://secunia.com/advisories/53237 ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 2%CPEs: 49EXPL: 0CVE-2013-1961 – (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
https://notcve.org/view.php?id=CVE-2013-1961
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. Desbordamiento de búfer basado en función t2p_write_pdf_page en tiff2pdf in libtiff anterior a 4.0.3 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través la manipulación del alto de la imagen y la resolución en un archivo de imagen TIFF. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html http://rhn.redhat.com/errata/RHSA-2014-0223.html http://seclists.org/oss-sec/2013/q2/254 http://secunia.com/advisories/53237 ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •