CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0CVE-2017-16232 – LibTIFF 4.0.8 Memory Leak
https://notcve.org/view.php?id=CVE-2017-16232
21 Dec 2018 — LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue ** EN DISPUTA ** LibTIFF 4.0.8 tiene múltiples vulnerabilidades de fuga de memoria, lo que permite que los atacantes provoquen una denegación de servicio (consumo de memoria), tal y como queda demostrado con tif_open.c, tif_lzw.c y tif_aux.c. NOTA: los terceros eran inca... • http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-10963 – libtiff: reachable assertion in TIFFWriteDirectorySec function in tif_dirwrite.c
https://notcve.org/view.php?id=CVE-2018-10963
10 May 2018 — The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. La función TIFFWriteDirectorySec() en tif_dirwrite.c en LibTIFF hasta la versión 4.0.9 permite que atacantes remotos provoquen una denegación de servicio (fallo de aserción y cierre inesperado de la aplicación) mediante un archivo manipulado. It was discovered that LibT... • http://bugzilla.maptools.org/show_bug.cgi?id=2795 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10801
https://notcve.org/view.php?id=CVE-2018-10801
08 May 2018 — TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. TIFFClientOpen en tif_unix.c en LibTIFF 3.8.2 tiene fugas de memoria, tal y como queda demostrado con bmp2tiff. • http://bugzilla.maptools.org/show_bug.cgi?id=2790 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-10779 – libtiff: heap-based buffer over-read in TIFFWriteScanline function in tif_write.c
https://notcve.org/view.php?id=CVE-2018-10779
07 May 2018 — TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. TIFFWriteScanline en tif_write.c en LibTIFF 3.8.2 tiene una sobrelectura de búfer basada en memoria dinámica (heap), tal y como queda demostrado con bmp2tiff. An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_write.c. An attacker may use this vulnerability to corrupt memory or cause Denial ... • http://bugzilla.maptools.org/show_bug.cgi?id=2788 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-5360
https://notcve.org/view.php?id=CVE-2018-5360
14 Jan 2018 — LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. LibTIFF 4.0.9 gestiona de manera incorrecta la lectura de archivos TIFF, tal y como demuestra una sobrelectura de búfer basada en memoria dinámica (heap) en la función ReadTIFFImage en coders/tiff.c en GraphicsMagick 1.3.27. • http://bugzilla.maptools.org/show_bug.cgi?id=2500 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-17973
https://notcve.org/view.php?id=CVE-2017-17973
29 Dec 2017 — In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue ** EN DISPUTA ** En LibTIFF 4.0.8, hay un uso de memoria dinámica (heap) previamente liberada en la función t2p_writeproc en tiff2pdf.c. NOTA: hay un informe de terceros que establece que es imposible reproducir este problema. • http://bugzilla.maptools.org/show_bug.cgi?id=2769 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13726 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-13726
29 Aug 2017 — There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función TIFFWriteDirectorySec() en LibTIFF 4.0.8 en relación con tif_dirwrite.c y una etiqueta SubIFD. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. It was discovered that LibTIFF incorrectly handled cer... • http://bugzilla.maptools.org/show_bug.cgi?id=2727 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13727 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-13727
29 Aug 2017 — There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. Es posible abortar aserciones alcanzables en la función TIFFWriteDirectoryTagSubifd() en LibTIFF 4.0.8 en relación con tif_dirwrite.c y una etiqueta SubIFD. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. It was discovered that LibTIFF incorrectly... • http://bugzilla.maptools.org/show_bug.cgi?id=2728 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12944 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-12944
18 Aug 2017 — The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. La función TIFFReadDirEntryArray en tif_read.c en LibTIFF 4.0.8 maneja incorrectamente la asignación de memoria para archivos pequeños, lo que permite a los atacantes remotos provocar una denegación de servicio en l... • http://bugzilla.maptools.org/show_bug.cgi?id=2725 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11613 – Debian Security Advisory 4349-1
https://notcve.org/view.php?id=CVE-2017-11613
26 Jul 2017 — In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. • http://www.securityfocus.com/bid/99977 • CWE-20: Improper Input Validation •