CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 1CVE-2017-9935 – Debian Security Advisory 4100-1
https://notcve.org/view.php?id=CVE-2017-9935
26 Jun 2017 — In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. En LibTIFF 4.0.8, hay un buffer overflow basado en el heap en la funció... • http://bugzilla.maptools.org/show_bug.cgi?id=2704 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9815 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-9815
22 Jun 2017 — In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file. En LibTIFF 4.0.7, la función TIFFReadDirEntryLong8Array de libtif/tif_dirread.c hace mal uso de la operación malloc, lo que permite a un atacante remoto causar una denegación de servicio (fuga de memoria dentro de la función _TIFFmalloc en tif_unix.c) mediante un ar... • http://bugzilla.maptools.org/show_bug.cgi?id=2682 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-9404 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-9404
02 Jun 2017 — In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. En LibTIFF 4.0.7 se ha encontrado una vulnerabilidad de filtrado de memoria en la función OJPEGReadHeaderInfoSecTablesQTable en tif_ojpeg.c que permite a los atacantes provocar una denegación de servicio (DoS) mediante un archivo manipulado. It was discovered that LibTIFF incorrectly handled certain malformed images... • http://bugzilla.maptools.org/show_bug.cgi?id=2688 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-9403 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-9403
02 Jun 2017 — In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. Se ha encontrado una vulnerabilidad de filtrado de memoria en LibTIFF 4.0.7 en la función TIFFReadDirEntryLong8Array en tif_dirread.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo manipulado. It was discovered that LibTIFF incorrectly handled certain malformed imag... • http://bugzilla.maptools.org/show_bug.cgi?id=2689 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 2CVE-2017-9147 – LibTIFF - '_TIFFVGetField (tiffsplit)' Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2017-9147
22 May 2017 — LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. LibTIFF 4.0.7 tiene una lectura no válida en la función _TIFFVGetField en tif_dir.c, lo que podría permitir a atacantes remotos causar una denegación de servicio (bloqueo) a través de un archivo TIFF manipulado. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into... • https://packetstorm.news/files/id/143267 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2017-9117 – Ubuntu Security Notice USN-3606-1
https://notcve.org/view.php?id=CVE-2017-9117
21 May 2017 — In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff. En LibTIFF 4.0.7, el programa procesa imágenes BMP sin verificar que biWidth y biHeight en la cabecera de información del bitmap coinciden con la entrada real, lo que lleva a una sobrelectura del búfer basado en heap en bmp2tiff. In LibTIFF 4.0.6 and possibly other versions, the program processes BMP imag... • http://bugzilla.maptools.org/show_bug.cgi?id=2690 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7596 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-7596
09 Apr 2017 — LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. LibTIFF 4.0.7 tiene un problema de comportamiento "fuera de rango de valores representables del tipo flotante" no definido, lo que podrían permitir a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente tener otro impac... • http://www.debian.org/security/2017/dsa-3844 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7595 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-7595
09 Apr 2017 — The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. La función JPEGSetupEncode en tiff_jpeg.c en LibTIFF 4.0.7 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de la aplicación) a través de una imagen manipulada. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked ... • http://www.debian.org/security/2017/dsa-3844 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7601 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-7601
09 Apr 2017 — LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. LibTIFF 4.0.7 tiene un problema de comportamiento de "exponente de cambio excesivamente grande para el tipo long de 64 bits" no definido, lo que podrían permitir a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente tener otro im... • http://www.debian.org/security/2017/dsa-3844 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7593 – Ubuntu Security Notice USN-3602-1
https://notcve.org/view.php?id=CVE-2017-7593
09 Apr 2017 — tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. tif_read.c en LibTIFF 4.0.7 no asegura que tif_rawdata se inicialice adecuadamente, lo que podrían permitir a atacantes remotos obtener información sensible de la memoria del proceso a través de una imagen manipulada. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated ... • http://bugzilla.maptools.org/show_bug.cgi?id=2651 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •