Page 3 of 39 results (0.027 seconds)

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. • https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://gitlab.com/libtiff/libtiff/-/issues/464 https://security.netapp.com/advisory/ntap-20230703-0002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. • https://gitlab.com/libtiff/libtiff/-/issues/536 https://gitlab.com/libtiff/libtiff/-/issues/536%2C https://gitlab.com/libtiff/libtiff/-/issues/537 https://support.apple.com/kb/HT213844 • CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 https://gitlab.com/libtiff/libtiff/-/issues/277 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 https://gitlab.com/libtiff/libtiff/-/issues/495 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 • CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 https://gitlab.com/libtiff/libtiff/-/issues/496 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230316-0002 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0800 https: • CWE-787: Out-of-bounds Write •