CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9539 – Ubuntu Security Notice USN-3212-1
https://notcve.org/view.php?id=CVE-2016-9539
22 Nov 2016 — tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. tools/tiffcrop.c en libtiff 4.0.6 tiene una lectura fuera de límites en readContigTilesIntoBuffer(). Reportado como MSVR 35092. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary... • http://www.securityfocus.com/bid/94484 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9540 – libtiff: cpStripToTile heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-9540
22 Nov 2016 — tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow." tools/tiffcp.c en libtiff 4.0.6 tiene una escritura fuera de límites en imágenes tiled con un ancho de tile extraño frente al ancho de la imagen. Reportado como MSVR 35103, vulnerabilidad también conocida como "cpStripToTile heap-buffer-overflow". The libtiff packages contain a library of functions for manipulating Tagged Image F... • http://rhn.redhat.com/errata/RHSA-2017-0225.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 8%CPEs: 1EXPL: 1CVE-2016-8331 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2016-8331
28 Oct 2016 — An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. Existe una vulnerabilidad de ejecución remota de código explotable en el manejo de imágenes TIFF en LibTIFF versión 4.0.6. Un documento TIFF manipulado puede llevar a u... • http://www.securityfocus.com/bid/93898 •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 2CVE-2016-3619 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2016-3619
03 Oct 2016 — The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. La función DumpModeEncode en tif_dumpmode.c en la herramienta bmp2tiff en LibTIFF 4.0.6 y versiones anteriores, cuando la opción "-c none" es usada, permite a atacantes remotos provocar una denegación de servicio (sobre lectura del búfer) a través de una imagen BMP manipulada. macOS... • http://bugzilla.maptools.org/show_bug.cgi?id=2567 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2016-3620 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2016-3620
03 Oct 2016 — The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. La función ZIPEncode en tif_zip.c en la herramienta bmp2tiff en LibTIFF 4.0.6 y en versiones anteriores, cuando la opción "-c zip" es utilizada, permite a atacantes remotos provocar una denegación de servicio (sobre lectura de búfer) a través de una imagen BMP manipulada. Multiple vulnerabilit... • http://bugzilla.maptools.org/show_bug.cgi?id=2570 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3621 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2016-3621
03 Oct 2016 — The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. La función LZWEncode en tif_lzw.c en la herramienta bmp2tiff en LibTIFF 4.0.6 y versiones anteriores, cuando la opción "-c lzw" es utilizada, permite a atacantes remotos provocar una denegación de servicios (sobre lectura de búfer) a través de una imagen BMP manipulada. Multiple vulnerabilitie... • http://bugzilla.maptools.org/show_bug.cgi?id=2565 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-3622 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2016-3622
03 Oct 2016 — The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. La función fpAcc en tif_predict.c en la herramienta tiff2rgba en LibTIFF 4.0.6 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (error de división por cero) a través de una imagen TIFF manipulada. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user o... • http://www.debian.org/security/2017/dsa-3762 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2016-3623 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2016-3623
03 Oct 2016 — The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. La herramienta rgb2ycbcr en LibTIFF 4.0.6 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (división por cero) estableciendo el parámetro (1) v o (2) h a 0. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted ... • http://bugzilla.maptools.org/show_bug.cgi?id=2569 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2016-3624 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2016-3624
03 Oct 2016 — The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. La función cvtClump en la herramienta rgb2ycbcr en LibTIFF 4.0.6 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) estableciendo la opción "-v" a -1. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tr... • http://bugzilla.maptools.org/show_bug.cgi?id=2568 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3625 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2016-3625
03 Oct 2016 — tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. tif_read.c en la herramienta tiff2bw en LibTIFF 4.0.6 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de una imagen TIFF manipulada. Multiple vulnerabilities have been found in libTIFF, the worst of which may allow execution of arbitrary code. Versions less than 4.0.7 are affe... • http://bugzilla.maptools.org/show_bug.cgi?id=2566 • CWE-125: Out-of-bounds Read •