CVE-2017-5225
https://notcve.org/view.php?id=CVE-2017-5225
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. LibTIFF en la versión 4.0.7 es vulnerable a un desbordamiento de búfer de memoria dinámica en tools/tiffcp resultando en un DoS o ejecución de código a través de un valor BitsPerSample manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2656 http://bugzilla.maptools.org/show_bug.cgi?id=2657 http://www.debian.org/security/2017/dsa-3844 http://www.securityfocus.com/bid/95413 http://www.securitytracker.com/id/1037911 https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7 https://security.gentoo.org/glsa/201709-27 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-5652 – libtiff: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. Existe un desbordamiento de búfer basado en memoria dinámica explotable en el manejo de imágenes TIFF en la herramienta LibTIFF's TIFF2PDF. Un documento TIFF manipulado puede conducir a un desbordamiento de búfer basado en memoria dinámica resultando en ejecución remota de código. • http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/93902 http://www.talosintelligence.com/reports/TALOS-2016-0187 https://security.gentoo.org/glsa/201701-16 https://access.redhat.com/security/cve/CVE-2016-5652 https://bugzilla.redhat.com/show_bug.cgi?id=1389222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2015-8870 – libtiff: Integer overflow in tools/bmp2tiff.c
https://notcve.org/view.php?id=CVE-2015-8870
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. Desbordamiento de entero en tools/bmp2tiff.c en LibTIFF en versiones anteriores a 4.0.4 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de búfer basado en memoria dinámica), o posiblemente obtener información sensible de la memoria de proceso, a través de valores de anchura y longitud manipulados en datos RLE4 o RLE8 en un archivo BMP. • http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.floyd.ch/?p=874BMP http://www.securityfocus.com/bid/94717 https://access.redhat.com/security/cve/CVE-2015-8870 https://bugzilla.redhat.com/show_bug.cgi?id=1402778 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVE-2016-9538
https://notcve.org/view.php?id=CVE-2016-9538
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. tools/tiffcrop.c en libtiff 4.0.6 lee un búfer no definido en readContigStripsIntoBuffer() a causa de un desbordamiento de entero uint16. Reportado como MSVR 35100. • http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/94484 http://www.securityfocus.com/bid/94753 https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f • CWE-190: Integer Overflow or Wraparound •
CVE-2016-9536 – libtiff: t2p_process_jpeg_strip heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-9536
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." tools/tiff2pdf.c en libtiff 4.0.6 tiene vulnerabilidades de escritura fuera de límites en bufers alojados en memoria dinámica en t2p_process_jpeg_strip(). Reportado como MSVR 35098, vulnerabilidad también conocida como "t2p_process_jpeg_strip heap-buffer-overflow". • http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/94484 http://www.securityfocus.com/bid/94745 https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e https://access.redhat.com/security/cve/CVE-2016-9536 https://bugzilla.redhat.com/show_bug.cgi?id=1397758 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •