CVE-2010-4665 – libtiff tiffdump integer overflow
https://notcve.org/view.php?id=CVE-2010-4665
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. Desbordamiento de enteros en la función ReadDirectory en tiffdump.c en tiffdump en LibTIFF antes de v3.9.5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener un impacto no especificado a través de un archivo TIFF debidamente modificado que contiene una estructura de directorios de datos con muchas entradas de directorio. • http://bugzilla.maptools.org/show_bug.cgi?id=2218 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://openwall.com/lists/oss-security/2011/04/12/10 http://secunia.com/advisories/44271 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://ubuntu.com/usn/usn-1416-1 http://www.debian.org/security/2012/dsa-2552 http://www& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2009-5022 – IrfanView - '.TIF' Image Decompression Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-5022
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. Desbordamiento de búfer basado en memoria dinámica en tif_ojpeg.c en el decodificador OJPEG en LibTIFF anterior a v3.9.5 permite a atacantes remotos ejecutar código arbitrario mediante un fichero TIFF manipulado. • https://www.exploit-db.com/exploits/22681 http://bugzilla.maptools.org/show_bug.cgi?id=1999 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html http://openwall.com/lists/oss-security/2011/04/12/10 http://secunia.com/advisories/44271 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://securitytracker.com/id?1025380 http://www.debian.org/security/2011/dsa-2256 http://www.mandriva.com/security/advisories? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1167 – Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1167
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. Desbordamiento de búfer basado en memoria dinámica en el decodificador Thunder (tambien conocido por ThunderScan) en tif_thunder.c de LibTIFF v3.9.4 y anteriores ,permite a atacantes remotos causar una denegación de servicio (cuelgue) o ejecutar código arbitrario a través de datos manipulados con THUNDER_2BITDELTAS en un fichero .tiff con un valor de BitsPerSample inesperado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of libtiff. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the ThunderDecode codec. While decoding a particular code within a row, the decoder will fail to accommodate for the total expanded size of the row. • http://blackberry.com/btsc/KB27244 http://bugzilla.maptools.org/show_bug.cgi?id=2300 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html http://lists.opensuse.org/opensuse& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2010-2482 – LibTIFF - 'td_stripbytecount' Null Pointer Dereference Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2482
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. LibTIFF v3.9.4 y anteriores no manejan adecuadamente el campo invalid td_stripbytecount, lo que pemite a atacantes remotos causar una denegación de servicio (desreferencia de puntero nulo y caída de programa) a través de un fichero TIFF manipulado, una vulnerabilidad diferente que CVE-2010-2443. • https://www.exploit-db.com/exploits/14573 http://bugzilla.maptools.org/show_bug.cgi?id=1996 http://marc.info/?l=oss-security&m=127736307002102&w=2 http://marc.info/?l=oss-security&m=127738540902757&w=2 http://marc.info/?l=oss-security&m=127797353202873&w=2 http://secunia.com/advisories/40422 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.debian.org/security/2012/dsa-2552 http://www.openwall.com/lists/oss& •
CVE-2009-2347 – libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE)
https://notcve.org/view.php?id=CVE-2009-2347
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. Múltiples desbordamientos de enteros en las herramientas de conversión de inter-color spaces de libtiff v3.8 hasta v3.8.2 y v4.0, permiten a atacantes dependientes del contexto ejecutar código de su elección a través de una imagen TIFF con valores grandes para el (1) ancho y (2) alto. Esto provoca un desbordamiento de búfer basado en memoria dinámica -heap- en (a) la función cvt_whole_image de tiff2rgba y (b) la función tiffcvt de rgb2ycbcr. • http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563 http://bugzilla.maptools.org/show_bug.cgi?id=2079 http://osvdb.org/55821 http://osvdb.org/55822 http://secunia.com/advisories/35811 http://secunia.com/advisories/35817 http://secunia.com/advisories/35866 http://secunia.com/advisories/35883 http://secunia.com/advisories/35911 http://secunia.com/advisories/36194 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-200908-03.xml • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •