Page 6 of 251 results (0.013 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-2868 – libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()

https://notcve.org/view.php?id=CVE-2022-2868

17 Aug 2022 — libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. La utilidad tiffcrop de libtiff presenta un fallo de comprobación de entrada inapropiada que puede conllevar a una lectura fuera de límites y, en última instancia, causar un fallo si un atacante es capaz de suministrar un archivo diseñado a tiffcrop. An improper input validation flaw was found in libtiff's tiffcrop utili... • https://bugzilla.redhat.com/show_bug.cgi?id=2118863 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2022-2869 – libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()

https://notcve.org/view.php?id=CVE-2022-2869

17 Aug 2022 — libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. La herramienta tiffcrop de libtiff presenta un desbordamiento de uint32_t que conlleva a una lectura y escritura fuera de límites en la rutina ext... • https://bugzilla.redhat.com/show_bug.cgi?id=2118869 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2

CVE-2022-34526 – Debian Security Advisory 5333-1

https://notcve.org/view.php?id=CVE-2022-34526

29 Jul 2022 — A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. Se ha descubierto un desbordamiento de pila en la función _TIFFVGetField de Tiffsplit v4.4.0. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de un archivo TIFF manipulado analizado por las utilidades "tiffsplit" o "tiffcrop" It was di... • https://gitlab.com/libtiff/libtiff/-/issues/433 • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-34266

https://notcve.org/view.php?id=CVE-2022-34266

19 Jul 2022 — The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource. El paquete libtiff versión 4.0.3-35.amzn2.0.1 para LibTIFF en Amazon Linux 2 permit... • https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html • CWE-908: Use of Uninitialized Resource •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-2056 – libtiff: division by zero issues in tiffcrop

https://notcve.org/view.php?id=CVE-2022-2056

30 Jun 2022 — Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. Un error de División Por Cero en tiffcrop en libtiff versión 4.4.0, permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit f3a5e010 A divide-by-zero vulnerabilit... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json • CWE-369: Divide By Zero •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-2057 – libtiff: division by zero issues in tiffcrop

https://notcve.org/view.php?id=CVE-2022-2057

30 Jun 2022 — Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. Un error de División Por Cero en tiffcrop en libtiff versión 4.4.0 permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit f3a5e010 A divide-by-zero vulnerability... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json • CWE-369: Divide By Zero •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-2058 – libtiff: division by zero issues in tiffcrop

https://notcve.org/view.php?id=CVE-2022-2058

30 Jun 2022 — Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. Un error de División Por Cero en tiffcrop en libtiff versión 4.4.0, permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit f3a5e010 A divide-by-zero vulnerabilit... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json • CWE-369: Divide By Zero •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1

CVE-2022-1622 – Debian Security Advisory 5333-1

https://notcve.org/view.php?id=CVE-2022-1622

11 May 2022 — LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:619, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la ... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-1623 – Debian Security Advisory 5333-1

https://notcve.org/view.php?id=CVE-2022-1623

11 May 2022 — LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. La rama maestra de LibTIFF presenta una lectura fuera de límites en LZWDecode en libtiff/tif_lzw.c:624, permitiendo a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff desde las fuentes, la correc... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2022-1210 – LibTIFF tiff2ps resource consumption

https://notcve.org/view.php?id=CVE-2022-1210

03 Apr 2022 — A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. • https://gitlab.com/libtiff/libtiff/-/issues/402 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •