CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5317
https://notcve.org/view.php?id=CVE-2016-5317
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. Desbordamiento de búfer en la función PixarLogDecode en libtiff.so en la función PixarLogDecode en libtiff 4.0.6 y versiones anteriores, como se utiliza en GNOME nautilus, permite a atacantes provocar un ataque de denegación de servicio (caída) a través de un archivo TIFF manipulado. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/06/15/10 http://www.openwall.com/lists/oss-security/2016/06/15/5 http://www.securityfocus.com/bid/91208 https://security.gentoo.org/glsa/201701-16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9297
https://notcve.org/view.php?id=CVE-2016-9297
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. La función TIFFFetchNormalTag en LibTiff 4.0.6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de valores de etiqueta TIFF_SETGET_C16ASCII o TIFF_SETGET_C32_ASCII manipulados. • http://bugzilla.maptools.org/show_bug.cgi?id=2590 http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/11/12/2 http://www.openwall.com/lists/oss-security/2016/11/14/7 http://www.securityfocus.com/bid/94419 https://security.gentoo.org/glsa/201701-16 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9273
https://notcve.org/view.php?id=CVE-2016-9273
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. tiffsplit en libtiff 4.0.6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo manipulado, relacionado con el cambio de td_nstrips en el modo TIFF_STRIPCHOP. • http://bugzilla.maptools.org/show_bug.cgi?id=2587 http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/11/09/20 http://www.openwall.com/lists/oss-security/2016/11/11/6 http://www.securityfocus.com/bid/94271 https://security.gentoo.org/glsa/201701-16 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2017-5225
https://notcve.org/view.php?id=CVE-2017-5225
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. LibTIFF en la versión 4.0.7 es vulnerable a un desbordamiento de búfer de memoria dinámica en tools/tiffcp resultando en un DoS o ejecución de código a través de un valor BitsPerSample manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2656 http://bugzilla.maptools.org/show_bug.cgi?id=2657 http://www.debian.org/security/2017/dsa-3844 http://www.securityfocus.com/bid/95413 http://www.securitytracker.com/id/1037911 https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7 https://security.gentoo.org/glsa/201709-27 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 1CVE-2016-5652 – libtiff: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. Existe un desbordamiento de búfer basado en memoria dinámica explotable en el manejo de imágenes TIFF en la herramienta LibTIFF's TIFF2PDF. Un documento TIFF manipulado puede conducir a un desbordamiento de búfer basado en memoria dinámica resultando en ejecución remota de código. • http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/93902 http://www.talosintelligence.com/reports/TALOS-2016-0187 https://security.gentoo.org/glsa/201701-16 https://access.redhat.com/security/cve/CVE-2016-5652 https://bugzilla.redhat.com/show_bug.cgi?id=1389222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •