CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-9453 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2016-9453
09 Jan 2017 — The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. La función t2p_readwrite_pdf_image_tile en LibTIFF permite a atacantes remotos provocar una denegación de servicio (escritura fuera de limites y caída) o posiblemente ejecutar código arbitrario a través de un archivo JPEG manipulado con TIFFTAG_JPEGTABLES de longitud uno. It was di... • http://bugzilla.maptools.org/show_bug.cgi?id=2579 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9532 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2016-9532
09 Jan 2017 — Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. Desbordamiento de enteros en la función writeBufferToSeparateStrips en tiffcrop.c en LibTIFF en versiones anteriores a 4.0.7 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo tif manipulado. It was discovered that LibTIFF incorrectly handled certain m... • http://bugzilla.maptools.org/show_bug.cgi?id=2592 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 8%CPEs: 1EXPL: 1CVE-2016-5652 – libtiff: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-5652
06 Jan 2017 — An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. Existe un desbordamiento de búfer basado en memoria dinámica explotable en el manejo de imágenes TIFF en la herramienta LibTIFF's TIFF2PDF. Un documento TIFF manipulado puede conducir a un desbordamiento de búfer basado en m... • http://rhn.redhat.com/errata/RHSA-2017-0225.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8870 – libtiff: Integer overflow in tools/bmp2tiff.c
https://notcve.org/view.php?id=CVE-2015-8870
06 Dec 2016 — Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. Desbordamiento de entero en tools/bmp2tiff.c en LibTIFF en versiones anteriores a 4.0.4 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de búfer basado en memoria dinámica), o posiblemente obtener infor... • http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9533 – libtiff: PixarLog horizontalDifference heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-9533
22 Nov 2016 — tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow." tif_pixarlog.c en libtiff 4.0.6 tiene vulnerabilidades de escritura fuera de límites en bufers alojados en memoria dinámica. Reportada como SVR 35094, vulnerabilidad también conocida como "PixarLog horizontalDifference heap-buffer-overflow". The libtiff packages contain a library of functions for manipulating Tagged Image File Fo... • http://rhn.redhat.com/errata/RHSA-2017-0225.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2016-9534 – libtiff: TIFFFlushData1 heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-9534
22 Nov 2016 — tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow." tif_write.c en libtiff 4.0.6 tiene un problema en la ruta del código de error de TIFFFlushData1() que no restableció los miembros tif_rawcc y tif_rawcp. Reportado como MSVR 35095, vulnerabilidad también conocida como "TIFFFlushData1 heap-buffer-overflow". The libtiff packages contain a library of functio... • http://rhn.redhat.com/errata/RHSA-2017-0225.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9535 – libtiff: Predictor heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-9535
22 Nov 2016 — tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." tif_predict.h y tif_predict.c en libtiff 4.0.6 tienen aserciones que pueden conducir a fallos de aserción en modo debug, o desbordamientos de búfer en modo de liberación, cuando trata con un tamaño inusual de tile como YCbCr con sub... • http://rhn.redhat.com/errata/RHSA-2017-0225.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9536 – libtiff: t2p_process_jpeg_strip heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-9536
22 Nov 2016 — tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." tools/tiff2pdf.c en libtiff 4.0.6 tiene vulnerabilidades de escritura fuera de límites en bufers alojados en memoria dinámica en t2p_process_jpeg_strip(). Reportado como MSVR 35098, vulnerabilidad también conocida como "t2p_process_jpeg_strip heap-buffer-overflow". The libtiff packages contain a library of ... • http://rhn.redhat.com/errata/RHSA-2017-0225.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9537 – libtiff: Out-of-bounds write vulnerabilities in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2016-9537
22 Nov 2016 — tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097. tools/tiffcrop.c en libtiff 4.0.6 tiene vulnerabilidades de escritura fuera de límites en bufers. Reportado como MSVR 35093, MSVR 35096 y MSVR 35097. The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: Multiple flaws have been discovered in libtiff. • http://rhn.redhat.com/errata/RHSA-2017-0225.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9538 – Ubuntu Security Notice USN-3212-1
https://notcve.org/view.php?id=CVE-2016-9538
22 Nov 2016 — tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. tools/tiffcrop.c en libtiff 4.0.6 lee un búfer no definido en readContigStripsIntoBuffer() a causa de un desbordamiento de entero uint16. Reportado como MSVR 35100. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the... • http://www.debian.org/security/2017/dsa-3762 • CWE-190: Integer Overflow or Wraparound •