Page 42 of 250 results (0.006 seconds)

CVSS: 7.5EPSS: 7%CPEs: 47EXPL: 0

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. Error de signo de entero en la función TIFFReadDirectory en tif_dirread.c en libtiff v3.9.4 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código arbitrario a través de una profundidad en una imagen TIFF, lo que provoca una inadecuada conversión entre los tipos de signo y sin signo, dando lugar a un desbordamiento de búfer basado en memoria dinámica. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html http://rhn.redhat.com/errata/RHSA-2012-1054.html http://secunia.com/advisories/49686 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://support.apple.com/kb/HT6162 http://support.apple.com/kb/HT6163 http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 http://www.securityfocus. • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 4%CPEs: 56EXPL: 0

Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Múltiples desbordamientos de enteros en tiff2pdf en libtiff anterior a v4.0.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de una elaborada imagen TIFF, lo que provoca un desbordamiento de búfer basado en memoria dinámica • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html http://rhn.redhat.com/errata/RHSA-2012-1054.html http://secunia.com/advisories/49493 http://secunia.com/advisories/49686 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://www.debian.org/security/2012/dsa-2552 http://www.mandriva.com/security/advisories?name=MDVSA-2012:101 http://www.remotesensing.org/libtiff/v4.0.2.html http://www.securityfocus.com/bid/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 0

Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. Múltiples desbordamientos de entero en v3.9.4 permite a atacantes remotos ejecutar código a través de un tamaño del "tile" manipulado, que no es gestionado de forma adecuada por las funciones (1) gtTileSeparate o (2) gtStripSeparate, produciendo un desbordamiento de memoria dinámica. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LibTIFF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LibTIFF Library and occurs when the application attempts to allocate space for a tile. When calculating the size for a buffer, the library will perform a multiply which can cause an integer overflow. • http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff http://bugzilla.maptools.org/show_bug.cgi?id=2369 http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html http://lists& • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 4%CPEs: 47EXPL: 0

Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. Desbordamiento de enteros en la función ReadDirectory en tiffdump.c en tiffdump en LibTIFF antes de v3.9.5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener un impacto no especificado a través de un archivo TIFF debidamente modificado que contiene una estructura de directorios de datos con muchas entradas de directorio. • http://bugzilla.maptools.org/show_bug.cgi?id=2218 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://openwall.com/lists/oss-security/2011/04/12/10 http://secunia.com/advisories/44271 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://ubuntu.com/usn/usn-1416-1 http://www.debian.org/security/2012/dsa-2552 http://www& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 26%CPEs: 47EXPL: 4

Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. Desbordamiento de búfer basado en memoria dinámica en tif_ojpeg.c en el decodificador OJPEG en LibTIFF anterior a v3.9.5 permite a atacantes remotos ejecutar código arbitrario mediante un fichero TIFF manipulado. • https://www.exploit-db.com/exploits/22681 http://bugzilla.maptools.org/show_bug.cgi?id=1999 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html http://openwall.com/lists/oss-security/2011/04/12/10 http://secunia.com/advisories/44271 http://secunia.com/advisories/50726 http://security.gentoo.org/glsa/glsa-201209-02.xml http://securitytracker.com/id?1025380 http://www.debian.org/security/2011/dsa-2256 http://www.mandriva.com/security/advisories? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •