CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30775 – libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-30775
A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. • https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://gitlab.com/libtiff/libtiff/-/issues/464 https://security.netapp.com/advisory/ntap-20230703-0002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30086 – libtiff: Heap buffer overflow in tiffcp() at tiffcp.c
https://notcve.org/view.php?id=CVE-2023-30086
Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. • http://libtiff-release-v4-0-7.com http://tiffcp.com https://gitlab.com/libtiff/libtiff/-/issues/538 https://security.netapp.com/advisory/ntap-20230616-0003 https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-1916
https://notcve.org/view.php?id=CVE-2023-1916
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. • https://gitlab.com/libtiff/libtiff/-/issues/536 https://gitlab.com/libtiff/libtiff/-/issues/536%2C https://gitlab.com/libtiff/libtiff/-/issues/537 https://support.apple.com/kb/HT213844 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4645 – libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c
https://notcve.org/view.php?id=CVE-2022-4645
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 https://gitlab.com/libtiff/libtiff/-/issues/277 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0797 – libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0797
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 https://gitlab.com/libtiff/libtiff/-/issues/495 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 • CWE-125: Out-of-bounds Read •