CVE-2016-5652 – libtiff: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. Existe un desbordamiento de búfer basado en memoria dinámica explotable en el manejo de imágenes TIFF en la herramienta LibTIFF's TIFF2PDF. Un documento TIFF manipulado puede conducir a un desbordamiento de búfer basado en memoria dinámica resultando en ejecución remota de código. • http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/93902 http://www.talosintelligence.com/reports/TALOS-2016-0187 https://security.gentoo.org/glsa/201701-16 https://access.redhat.com/security/cve/CVE-2016-5652 https://bugzilla.redhat.com/show_bug.cgi?id=1389222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2015-8870 – libtiff: Integer overflow in tools/bmp2tiff.c
https://notcve.org/view.php?id=CVE-2015-8870
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. Desbordamiento de entero en tools/bmp2tiff.c en LibTIFF en versiones anteriores a 4.0.4 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de búfer basado en memoria dinámica), o posiblemente obtener información sensible de la memoria de proceso, a través de valores de anchura y longitud manipulados en datos RLE4 o RLE8 en un archivo BMP. • http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.floyd.ch/?p=874BMP http://www.securityfocus.com/bid/94717 https://access.redhat.com/security/cve/CVE-2015-8870 https://bugzilla.redhat.com/show_bug.cgi?id=1402778 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVE-2016-9538
https://notcve.org/view.php?id=CVE-2016-9538
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. tools/tiffcrop.c en libtiff 4.0.6 lee un búfer no definido en readContigStripsIntoBuffer() a causa de un desbordamiento de entero uint16. Reportado como MSVR 35100. • http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/94484 http://www.securityfocus.com/bid/94753 https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f • CWE-190: Integer Overflow or Wraparound •
CVE-2016-9536 – libtiff: t2p_process_jpeg_strip heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-9536
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." tools/tiff2pdf.c en libtiff 4.0.6 tiene vulnerabilidades de escritura fuera de límites en bufers alojados en memoria dinámica en t2p_process_jpeg_strip(). Reportado como MSVR 35098, vulnerabilidad también conocida como "t2p_process_jpeg_strip heap-buffer-overflow". • http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/94484 http://www.securityfocus.com/bid/94745 https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e https://access.redhat.com/security/cve/CVE-2016-9536 https://bugzilla.redhat.com/show_bug.cgi?id=1397758 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2016-9534 – libtiff: TIFFFlushData1 heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-9534
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow." tif_write.c en libtiff 4.0.6 tiene un problema en la ruta del código de error de TIFFFlushData1() que no restableció los miembros tif_rawcc y tif_rawcp. Reportado como MSVR 35095, vulnerabilidad también conocida como "TIFFFlushData1 heap-buffer-overflow". • http://rhn.redhat.com/errata/RHSA-2017-0225.html http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/94484 http://www.securityfocus.com/bid/94743 https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba https://access.redhat.com/security/cve/CVE-2016-9534 https://bugzilla.redhat.com/show_bug.cgi?id=1397751 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •