CVE-2006-2026 – LibTiff 3.x - Double-Free Memory Corruption
https://notcve.org/view.php?id=CVE-2006-2026
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." • https://www.exploit-db.com/exploits/27765 ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 http://secunia.com/advisories/19838 http://secunia.com/advisories/19897 http://secunia.com/advisories/19936 http://secunia.com/advisories/19949 http://secunia.com/advisories/19964 http://secunia.com/advisories/20021 http://secunia.com/advisories/20023 http://secunia.com/advisories/20210 http://secunia.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-2452
https://notcve.org/view.php?id=CVE-2005-2452
libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804. libtiff hasta 3.7.0 permite que atacantes remotos causen una denegación de servicio (caída de la aplicación) mediante un encabezamiento de imagen TIFF con un valor cero para "YCbCr subsampling", lo que causa un error de división por cero en (1) tif_strip.c y (2) tif_tile.c, una vulnerabilidad diferente de CVE-2004-0804. • http://secunia.com/advisories/16266 http://secunia.com/advisories/16486 http://www.mandriva.com/security/advisories?name=MDKSA-2005:142 http://www.mandriva.com/security/advisories?name=MDKSA-2005:143 http://www.mandriva.com/security/advisories?name=MDKSA-2005:144 http://www.securityfocus.com/bid/14417 https://bugzilla.ubuntu.com/show_bug.cgi?id=12008 https://usn.ubuntu.com/156-1 •
CVE-2005-1544 – LibTiff 3.7.1 - BitsPerSample Tag Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-1544
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. • https://www.exploit-db.com/exploits/1554 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt http://bugs.gentoo.org/show_bug.cgi?id=91584 http://bugzilla.remotesensing.org/show_bug.cgi?id=843 http://secunia.com/advisories/15320 http://secunia.com/advisories/16872 http://secunia.com/advisories/18289 http://secunia.com/advisories/18943 http://securitytracker.com/id?1013944 h •
CVE-2004-1183
https://notcve.org/view.php?id=CVE-2004-1183
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920 http://marc.info/?l=bugtraq&m=110503635113419&w=2 http://secunia.com/advisories/13728 http://secunia.com/advisories/13776 http://security.gentoo.org/glsa/glsa-200501-06.xml http://www.debian.org/security/2004/dsa-626 http://www.mandriva.com/security/advisories?name=MDKSA-2005:001 http://www.mandriva.com/security/advisories?name=MDKSA-2005:002 http://www.mandriva.com/security/advisories? •
CVE-2004-1308
https://notcve.org/view.php?id=CVE-2004-1308
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://secunia.com/advisories/13776 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 http://www.debian.org/security/2004/dsa-617 http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities http://www.kb.cert.org/vuls/id/125598 http://w •