
CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 0

tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.

• http://rhn.redhat.com/errata/RHSA-2017-0225.html
• http://www.debian.org/security/2017/dsa-3762
• http://www.securityfocus.com/bid/94484
• http://www.securityfocus.com/bid/94746
• https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
• https://access.redhat.com/security/cve/CVE-2016-9537
• https://bugzilla.redhat.com/show_bug.cgi?id=1397760

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.

• http://www.securityfocus.com/bid/94484
• http://www.securityfocus.com/bid/94754
• https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-125: Out-of-bounds Read

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

• http://rhn.redhat.com/errata/RHSA-2017-0225.html
• http://www.debian.org/security/2017/dsa-3844
• http://www.securityfocus.com/bid/94484
• http://www.securityfocus.com/bid/94744
• https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
• https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
• https://access.redhat.com/security/cve/CVE-2016-9535
• https://bugzilla.redhat.com/show_bug.cgi?id=1397755

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow

CVSS: 8.1 • EPSS: 9% • CPEs: 1 • EXPL: 1

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.

• http://www.securityfocus.com/bid/93898
• http://www.talosintelligence.com/reports/TALOS-2016-0190
• https://security.gentoo.org/glsa/201701-16

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

• http://bugzilla.maptools.org/show_bug.cgi?id=2565
• http://www.openwall.com/lists/oss-security/2016/04/07/3
• http://www.securitytracker.com/id/1035508
• https://security.gentoo.org/glsa/201701-16

• CWE-125: Out-of-bounds Read