CVE-2010-4665 – libtiff tiffdump integer overflow
https://notcve.org/view.php?id=CVE-2010-4665
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. Desbordamiento de enteros en la función ReadDirectory en tiffdump.c en tiffdump en LibTIFF antes de v3.9.5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener un impacto no especificado a través de un archivo TIFF debidamente modificado que contiene una estructura de directorios de datos con muchas entradas de directorio. • http://bugzilla.maptools.org/show_bug.cgi?id=2218 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://openwall.com/lists/oss-security/2011/04/12/10 http://secunia.com/advisories/44271 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://ubuntu.com/usn/usn-1416-1 http://www.debian.org/security/2012/dsa-2552 http://www& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2009-5022 – IrfanView - '.TIF' Image Decompression Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-5022
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. Desbordamiento de búfer basado en memoria dinámica en tif_ojpeg.c en el decodificador OJPEG en LibTIFF anterior a v3.9.5 permite a atacantes remotos ejecutar código arbitrario mediante un fichero TIFF manipulado. • https://www.exploit-db.com/exploits/22681 http://bugzilla.maptools.org/show_bug.cgi?id=1999 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html http://openwall.com/lists/oss-security/2011/04/12/10 http://secunia.com/advisories/44271 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://securitytracker.com/id?1025380 http://www.debian.org/security/2011/dsa-2256 http://www.mandriva.com/security/advisories? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1167 – Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1167
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. Desbordamiento de búfer basado en memoria dinámica en el decodificador Thunder (tambien conocido por ThunderScan) en tif_thunder.c de LibTIFF v3.9.4 y anteriores ,permite a atacantes remotos causar una denegación de servicio (cuelgue) o ejecutar código arbitrario a través de datos manipulados con THUNDER_2BITDELTAS en un fichero .tiff con un valor de BitsPerSample inesperado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of libtiff. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the ThunderDecode codec. While decoding a particular code within a row, the decoder will fail to accommodate for the total expanded size of the row. • http://blackberry.com/btsc/KB27244 http://bugzilla.maptools.org/show_bug.cgi?id=2300 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html http://lists.opensuse.org/opensuse& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2010-3087
https://notcve.org/view.php?id=CVE-2010-3087
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. LibTIFF anterior v3.9.2-5.2.1 en SUSE openSUSE v11.3 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o probablemente ejecutar código de su elección a través de una imagen TIFF manipulada. • http://blackberry.com/btsc/KB27244 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://support.novell.com/security/cve/CVE-2010-3087.html https://bugzilla.novell.com/show_bug.cgi?id=624215 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2630 – LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2630
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. La función TIFFReadDirectory en LibTIFF v3.9.0 no valida adecuadamente los tipos de datos de etiquetas codec-specific que tiene una posición fuera de orden en los ficheros TIFF, lo que permite a atacantes remotos causar una denegación de servicio (caída programa) a través de ficheros manipulados, una vulnerabilidad diferente que CVE-2010-2481. • https://www.exploit-db.com/exploits/34278 http://bugzilla.maptools.org/show_bug.cgi?id=2210 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.debian.org/security/2012/dsa-2552 https://bugzilla.redhat.com/show_bug.cgi?id=554371 • CWE-20: Improper Input Validation •