CVE-2009-5022 – IrfanView - '.TIF' Image Decompression Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-5022
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. Desbordamiento de búfer basado en memoria dinámica en tif_ojpeg.c en el decodificador OJPEG en LibTIFF anterior a v3.9.5 permite a atacantes remotos ejecutar código arbitrario mediante un fichero TIFF manipulado. • https://www.exploit-db.com/exploits/22681 http://bugzilla.maptools.org/show_bug.cgi?id=1999 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html http://openwall.com/lists/oss-security/2011/04/12/10 http://secunia.com/advisories/44271 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://securitytracker.com/id?1025380 http://www.debian.org/security/2011/dsa-2256 http://www.mandriva.com/security/advisories? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1167 – Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1167
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. Desbordamiento de búfer basado en memoria dinámica en el decodificador Thunder (tambien conocido por ThunderScan) en tif_thunder.c de LibTIFF v3.9.4 y anteriores ,permite a atacantes remotos causar una denegación de servicio (cuelgue) o ejecutar código arbitrario a través de datos manipulados con THUNDER_2BITDELTAS en un fichero .tiff con un valor de BitsPerSample inesperado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of libtiff. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the ThunderDecode codec. While decoding a particular code within a row, the decoder will fail to accommodate for the total expanded size of the row. • http://blackberry.com/btsc/KB27244 http://bugzilla.maptools.org/show_bug.cgi?id=2300 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html http://lists.opensuse.org/opensuse& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2010-2630 – LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2630
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. La función TIFFReadDirectory en LibTIFF v3.9.0 no valida adecuadamente los tipos de datos de etiquetas codec-specific que tiene una posición fuera de orden en los ficheros TIFF, lo que permite a atacantes remotos causar una denegación de servicio (caída programa) a través de ficheros manipulados, una vulnerabilidad diferente que CVE-2010-2481. • https://www.exploit-db.com/exploits/34278 http://bugzilla.maptools.org/show_bug.cgi?id=2210 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.debian.org/security/2012/dsa-2552 https://bugzilla.redhat.com/show_bug.cgi?id=554371 • CWE-20: Improper Input Validation •
CVE-2010-2631 – LibTIFF 3.9.4 - Unknown Tag Second Pass Processing Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2631
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. LibTIFF v3.9.0 ignora las etiquetas en ciertas situaciones durante la primera etapa del procesado de archivos TIFF y no los maneja adecuadamente durante la segunda etapa, lo cual permite a los atacantes remotos causar una denegación de servicio (fallo de la aplicación) a través de ficheros manipulados, una vulnerabilidad distinta a CVE-2010-2481. • https://www.exploit-db.com/exploits/34279 http://bugzilla.maptools.org/show_bug.cgi?id=2210 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml • CWE-20: Improper Input Validation •
CVE-2010-2481 – libtiff: TIFFExtractData out-of-bounds read crash
https://notcve.org/view.php?id=CVE-2010-2481
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. La macro TIFFExtractData en LibTIFF anteior v3.9.4 no maneja adecuadamente tipos de etiquetas desconocidas en entradas de directorios TIFF, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de programa) a través de ficheros TIFF manipulados. • http://bugzilla.maptools.org/show_bug.cgi?id=2210 http://marc.info/?l=oss-security&m=127731610612908&w=2 http://marc.info/?l=oss-security&m=127736307002102&w=2 http://marc.info/?l=oss-security&m=127738540902757&w=2 http://marc.info/? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •