CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0924 – libtiff: Out-of-bounds Read error in tiffcp
https://notcve.org/view.php?id=CVE-2022-0924
11 Mar 2022 — Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. Un error de Lectura Fuera de límites en tiffcp en libtiff versión 4.3.0, permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de las fuentes, la corrección está disponible con el commit 408976c4 A heap buffer overflow... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 2CVE-2022-0891 – libtiff: heap buffer overflow in extractImageSection
https://notcve.org/view.php?id=CVE-2022-0891
09 Mar 2022 — A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact Un desbordamiento del búfer de la pila en la función ExtractImageSection en el archivo tiffcrop.c en libtiff library versión 4.3.0, permite a un atacante desencadenar un acceso no seguro o fuera de límit... • https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 2CVE-2022-0865 – libtiff: reachable assertion
https://notcve.org/view.php?id=CVE-2022-0865
07 Mar 2022 — Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. Una Aserción Alcanzable en tiffcp en libtiff versión 4.3.0, permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff desde las fuentes, la corrección está disponible con el commit 5e180045 A reachable assertion failure was found in lib... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-0561 – libtiff: Denial of Service via crafted TIFF file
https://notcve.org/view.php?id=CVE-2022-0561
11 Feb 2022 — Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. Un puntero fuente null pasado como argumento a la función memcpy() dentro de TIFFFetchStripThing() en el archivo tif_dirread.c en libtiff versiones 3.9.0 a 4.3.0, podía conllevar a una denegación de servicio por medio de... • https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0562 – libtiff: Null source pointer lead to Denial of Service via crafted TIFF file
https://notcve.org/view.php?id=CVE-2022-0562
11 Feb 2022 — Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. Un puntero fuente null pasado como argumento a la función memcpy() dentro de TIFFReadDirectory() en tif_dirread.c en libtiff versiones desde la 4.0 hasta 4.3.0, podría conllevar a una denegación de servicio por medio de un arch... • https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 2CVE-2022-22844 – libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c
https://notcve.org/view.php?id=CVE-2022-22844
08 Jan 2022 — LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. LibTIFF versión 4.3.0, presenta una lectura fuera de límites en la función _TIFFmemcpy en el archivo tif_unix.c en determinadas situaciones que implican una etiqueta personalizada y 0x0200 como la segunda palabra del campo DE A buffer overflow vulnerability was found in libtiff. This flaw allows an attacker with network access to pass specially craf... • https://gitlab.com/libtiff/libtiff/-/issues/355 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-19144 – Ubuntu Security Notice USN-5619-1
https://notcve.org/view.php?id=CVE-2020-19144
09 Sep 2021 — Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. Un desbordamiento del búfer en LibTiff versión v4.0.10, permite a atacantes causar una denegación de servicio por medio de la función "in _TIFFmemcpy" en el componente "tif_unix.c" It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could possibly ... • http://bugzilla.maptools.org/show_bug.cgi?id=2852 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2020-19143 – Debian Security Advisory 4997-1
https://notcve.org/view.php?id=CVE-2020-19143
09 Sep 2021 — Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'. Un desbordamiento del búfer en LibTiff versión v4.0.10, permite a atacantes causar una denegación de servicio por medio de la función "TIFFVGetField" en el componente "libtiff/tif_dir.c" It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attac... • http://bugzilla.maptools.org/show_bug.cgi?id=2851 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-19131 – libtiff: a buffer overflow via the "invertImage()" may lead to DoS
https://notcve.org/view.php?id=CVE-2020-19131
07 Sep 2021 — Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". Un desbordamiento del búfer en LibTiff versión v4.0.10, permite a atacantes causar una denegación de servicio por medio de la función "invertImage()" en el componente "tiffcrop" The libtiff package is susceptible to a heap/buffer overflow via the "invertImage()" which may lead to a DoS. The highest threat from this vulnerability is to system availability. Red Hat Adv... • http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elibtiff%E4%B8%ADinvertimage%E5%87%BD%E6%95%B0%E5%A0%86%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E7%9A%84%E5%88%86%E6%9E%90 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-35524 – libtiff: Heap-based buffer overflow in TIFF2PDF tool
https://notcve.org/view.php?id=CVE-2020-35524
09 Mar 2021 — A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un error de desbordamiento de búfer en la región heap de la memoria en libtiff en el manejo de imágenes TIFF en la herramienta TIFF2PDF de libtiff. Un archivo TIFF especialmente diseñado puede conllevar a... • https://bugzilla.redhat.com/show_bug.cgi?id=1932044 • CWE-787: Out-of-bounds Write •