Page 22 of 107 results (0.002 seconds)

CVSS: 6.8EPSS: 2%CPEs: 6EXPL: 0

CVE-2010-2067

https://notcve.org/view.php?id=CVE-2010-2067

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. Desbordamiento de búfer basado en pila en la función TIFFFetchSubjectDistance en tif_dirread.c en LibTIFF anterior v3.9.4 permite a atacantes remotos causar una denegación de servicio (caída aplicación)o probablemente ejecutar código de su elección a través de un campo SubjectDistance largo en un fichero TIFF. • http://bugzilla.maptools.org/show_bug.cgi?id=2212 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://marc.info/?l=oss-security&m=127731610612908&w=2 http://osvdb.org/65676 http://secunia.com/advisories/40241 http://secunia.com/advisories/40381 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://slackware.com/security/viewer.php?l= • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2009-2347 – libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE)

https://notcve.org/view.php?id=CVE-2009-2347

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. Múltiples desbordamientos de enteros en las herramientas de conversión de inter-color spaces de libtiff v3.8 hasta v3.8.2 y v4.0, permiten a atacantes dependientes del contexto ejecutar código de su elección a través de una imagen TIFF con valores grandes para el (1) ancho y (2) alto. Esto provoca un desbordamiento de búfer basado en memoria dinámica -heap- en (a) la función cvt_whole_image de tiff2rgba y (b) la función tiffcvt de rgb2ycbcr. • http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563 http://bugzilla.maptools.org/show_bug.cgi?id=2079 http://osvdb.org/55821 http://osvdb.org/55822 http://secunia.com/advisories/35811 http://secunia.com/advisories/35817 http://secunia.com/advisories/35866 http://secunia.com/advisories/35883 http://secunia.com/advisories/35911 http://secunia.com/advisories/36194 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-200908-03.xml • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •