CVE-2006-2025 – LibTiff 3.x - TIFFFetchData Integer Overflow
https://notcve.org/view.php?id=CVE-2006-2025
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. • https://www.exploit-db.com/exploits/27764 ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 http://secunia.com/advisories/19838 http://secunia.com/advisories/19897 http://secunia.com/advisories/19936 http://secunia.com/advisories/19949 http://secunia.com/advisories/19964 http://secunia.com/advisories/20021 http://secunia.com/advisories/20023 http://secunia.com/advisories/20210 http://secunia.com •
CVE-2006-2026 – LibTiff 3.x - Double-Free Memory Corruption
https://notcve.org/view.php?id=CVE-2006-2026
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." • https://www.exploit-db.com/exploits/27765 ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 http://secunia.com/advisories/19838 http://secunia.com/advisories/19897 http://secunia.com/advisories/19936 http://secunia.com/advisories/19949 http://secunia.com/advisories/19964 http://secunia.com/advisories/20021 http://secunia.com/advisories/20023 http://secunia.com/advisories/20210 http://secunia.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-0405
https://notcve.org/view.php?id=CVE-2006-0405
The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. La función TIFFFetchShortPair en tif_dirread.c en libtiff 3.8.0 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante una imagen TIFF artesanal que dispara una desreferencia a puntero NULO, posiblemente debido a cambios en declaraciones de tipos y/o la función TIFFVSetField. • http://bugzilla.remotesensing.org/show_bug.cgi?id=1029 http://bugzilla.remotesensing.org/show_bug.cgi?id=1034 http://secunia.com/advisories/18587 http://secunia.com/advisories/20345 http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml http://www.securityfocus.com/bid/18172 http://www.vupen.com/english/advisories/2006/0302 https://exchange.xforce.ibmcloud.com/vulnerabilities/24275 •
CVE-2005-2452
https://notcve.org/view.php?id=CVE-2005-2452
libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804. libtiff hasta 3.7.0 permite que atacantes remotos causen una denegación de servicio (caída de la aplicación) mediante un encabezamiento de imagen TIFF con un valor cero para "YCbCr subsampling", lo que causa un error de división por cero en (1) tif_strip.c y (2) tif_tile.c, una vulnerabilidad diferente de CVE-2004-0804. • http://secunia.com/advisories/16266 http://secunia.com/advisories/16486 http://www.mandriva.com/security/advisories?name=MDKSA-2005:142 http://www.mandriva.com/security/advisories?name=MDKSA-2005:143 http://www.mandriva.com/security/advisories?name=MDKSA-2005:144 http://www.securityfocus.com/bid/14417 https://bugzilla.ubuntu.com/show_bug.cgi?id=12008 https://usn.ubuntu.com/156-1 •
CVE-2005-1544 – LibTiff 3.7.1 - BitsPerSample Tag Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-1544
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. • https://www.exploit-db.com/exploits/1554 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt http://bugs.gentoo.org/show_bug.cgi?id=91584 http://bugzilla.remotesensing.org/show_bug.cgi?id=843 http://secunia.com/advisories/15320 http://secunia.com/advisories/16872 http://secunia.com/advisories/18289 http://secunia.com/advisories/18943 http://securitytracker.com/id?1013944 h •