CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-14973 – libtiff: integer overflow in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c
https://notcve.org/view.php?id=CVE-2019-14973
14 Aug 2019 — _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. Múltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5 y 10.2.0.3, presentan un impacto desconocido y vectores de ataque remotos no autenticados o autenticados relacionados con (1) SYS. DBMS_AQ en ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00102.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7663 – Debian Security Advisory 4670-1
https://notcve.org/view.php?id=CVE-2019-7663
09 Feb 2019 — An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. Se ha descubierto una desreferencia de dirección inválida en TIFFWriteDirectoryTagTransferfunction en libtiff/tif_dirwrite.c en LibTIFF 4.0.10, que afecta a la función cpSepar... • http://bugzilla.maptools.org/show_bug.cgi?id=2833 •
CVSS: 8.8EPSS: 4%CPEs: 8EXPL: 1CVE-2019-6128 – Gentoo Linux Security Advisory 202003-25
https://notcve.org/view.php?id=CVE-2019-6128
11 Jan 2019 — The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. La función TIFFdOpen en tif_unix.c en LibTIFF 4.0.10 tiene una fuga de memoria, tal y como queda demostrado con pal2rgb. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user priv... • http://bugzilla.maptools.org/show_bug.cgi?id=2836 • CWE-401: Missing Release of Memory after Effective Lifetime •