CVE-2016-9297
https://notcve.org/view.php?id=CVE-2016-9297
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. La función TIFFFetchNormalTag en LibTiff 4.0.6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de valores de etiqueta TIFF_SETGET_C16ASCII o TIFF_SETGET_C32_ASCII manipulados. • http://bugzilla.maptools.org/show_bug.cgi?id=2590 http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/11/12/2 http://www.openwall.com/lists/oss-security/2016/11/14/7 http://www.securityfocus.com/bid/94419 https://security.gentoo.org/glsa/201701-16 • CWE-125: Out-of-bounds Read •
CVE-2016-9273
https://notcve.org/view.php?id=CVE-2016-9273
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. tiffsplit en libtiff 4.0.6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo manipulado, relacionado con el cambio de td_nstrips en el modo TIFF_STRIPCHOP. • http://bugzilla.maptools.org/show_bug.cgi?id=2587 http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/11/09/20 http://www.openwall.com/lists/oss-security/2016/11/11/6 http://www.securityfocus.com/bid/94271 https://security.gentoo.org/glsa/201701-16 • CWE-125: Out-of-bounds Read •
CVE-2017-5225
https://notcve.org/view.php?id=CVE-2017-5225
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. LibTIFF en la versión 4.0.7 es vulnerable a un desbordamiento de búfer de memoria dinámica en tools/tiffcp resultando en un DoS o ejecución de código a través de un valor BitsPerSample manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2656 http://bugzilla.maptools.org/show_bug.cgi?id=2657 http://www.debian.org/security/2017/dsa-3844 http://www.securityfocus.com/bid/95413 http://www.securitytracker.com/id/1037911 https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7 https://security.gentoo.org/glsa/201709-27 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-5652 – libtiff: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. Existe un desbordamiento de búfer basado en memoria dinámica explotable en el manejo de imágenes TIFF en la herramienta LibTIFF's TIFF2PDF. Un documento TIFF manipulado puede conducir a un desbordamiento de búfer basado en memoria dinámica resultando en ejecución remota de código. • http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/93902 http://www.talosintelligence.com/reports/TALOS-2016-0187 https://security.gentoo.org/glsa/201701-16 https://access.redhat.com/security/cve/CVE-2016-5652 https://bugzilla.redhat.com/show_bug.cgi?id=1389222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2015-8870 – libtiff: Integer overflow in tools/bmp2tiff.c
https://notcve.org/view.php?id=CVE-2015-8870
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. Desbordamiento de entero en tools/bmp2tiff.c en LibTIFF en versiones anteriores a 4.0.4 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de búfer basado en memoria dinámica), o posiblemente obtener información sensible de la memoria de proceso, a través de valores de anchura y longitud manipulados en datos RLE4 o RLE8 en un archivo BMP. • http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.floyd.ch/?p=874BMP http://www.securityfocus.com/bid/94717 https://access.redhat.com/security/cve/CVE-2015-8870 https://bugzilla.redhat.com/show_bug.cgi?id=1402778 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •