Page 4 of 119 results (0.018 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-0799 – libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c

https://notcve.org/view.php?id=CVE-2023-0799

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 https://gitlab.com/libtiff/libtiff/-/issues/494 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230316-0003 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0799 https: • CWE-416: Use After Free •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-0800 – libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c

https://notcve.org/view.php?id=CVE-2023-0800

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 https://gitlab.com/libtiff/libtiff/-/issues/496 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230316-0002 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0800 https: • CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-0801 – libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c

https://notcve.org/view.php?id=CVE-2023-0801

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 https://gitlab.com/libtiff/libtiff/-/issues/498 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230316-0002 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0801 https: • CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-0802 – libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c

https://notcve.org/view.php?id=CVE-2023-0802

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 https://gitlab.com/libtiff/libtiff/-/issues/500 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230316-0002 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0802 https: • CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-0803 – libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c

https://notcve.org/view.php?id=CVE-2023-0803

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 https://gitlab.com/libtiff/libtiff/-/issues/501 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230316-0002 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0803 https: • CWE-787: Out-of-bounds Write •