CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-9655 – libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
https://notcve.org/view.php?id=CVE-2014-9655
30 Mar 2015 — The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. La función (1) putcontig8bitYCbCr21tile en tif_getimage.c o la función (2) NeXTDecode en tif_next.c in LibTIFF permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no inicializada) a través de una image... • http://openwall.com/lists/oss-security/2015/02/07/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8128 – Gentoo Linux Security Advisory 201701-16
https://notcve.org/view.php?id=CVE-2014-8128
30 Mar 2015 — LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. LibTIFF versiones anteriores a 4.0.4, como es usado en Apple iOS versiones anteriores a 8.4 y OS X versiones anteriores a 10.10.4 y otros productos, permite a atacantes remotos causar una denegación de servicio (escritura fuera de límites) por medio de una imagen TIFF diseñada. William Robinet discovered that ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 5%CPEs: 3EXPL: 2CVE-2015-1547 – libtiff: use of uninitialized memory in NeXTDecode
https://notcve.org/view.php?id=CVE-2015-1547
30 Mar 2015 — The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. La función NeXTDecode en tif_next.c en LibTIFF permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no inicializada) a través de una imagen TIFF manipulada, según lo demostrado por libtiff5.tif. The libtiff packages contain a library of functions for manipulating Tagged Image File Format fil... • http://openwall.com/lists/oss-security/2015/01/24/16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 18%CPEs: 61EXPL: 0CVE-2013-4243 – (gif2tiff): possible heap-based buffer overflow in readgifimage()
https://notcve.org/view.php?id=CVE-2013-4243
10 Sep 2013 — Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. Desbordamiento de buffer de memoria dinámica en la función readgifimage de la herramienta gif2tiff en libtiff 4.0.3 y anteriores permite a un atacante remoto causar una denegación de servicio (cuelgue) y posiblemente ejecutar código a discrección a través... • http://bugzilla.maptools.org/show_bug.cgi?id=2451 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 59EXPL: 0CVE-2013-4244 – (gif2tiff): OOB Write in LZW decompressor
https://notcve.org/view.php?id=CVE-2013-4244
27 Aug 2013 — The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. El decompresor LZW en la utilidad gif2tiff de libtiff 4.0.3 y anteriores permite a un atacante dependiente de contexto causar una denegación de servicio (escritura fuera de rango y caída) o posiblemente ejecutar código a discrección a través de una imagen GIF manipulada. Pedro Ribeiro... • http://bugzilla.maptools.org/show_bug.cgi?id=2452 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 21%CPEs: 10EXPL: 0CVE-2013-4231 – (gif2tiff): GIF LZW decoder missing datasize value check
https://notcve.org/view.php?id=CVE-2013-4231
23 Aug 2013 — Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. Múltiples desbordamientos de búfer en libtiff anterior a 4.0.3 que permite a atacantes remotos provocar una denegació... • http://bugzilla.maptools.org/show_bug.cgi?id=2450 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 49EXPL: 0CVE-2013-1960 – (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()
https://notcve.org/view.php?id=CVE-2013-1960
21 May 2013 — Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. Desbordamiento de búfer basado en memoria dinámica en la función tp_process_jpeg_strip en tiff2pdf en libtiff 4.0.3 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente la ejecución arbitraria de código a través de una imagen TIF... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 2%CPEs: 49EXPL: 0CVE-2013-1961 – (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
https://notcve.org/view.php?id=CVE-2013-1961
21 May 2013 — Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. Desbordamiento de búfer basado en función t2p_write_pdf_page en tiff2pdf in libtiff anterior a 4.0.3 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través la manipulación del alto de la imagen y la resolución en un archivo de imagen TI... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 57EXPL: 0CVE-2012-5581 – libtiff: Stack-based buffer overflow when reading a tiled tiff file
https://notcve.org/view.php?id=CVE-2012-5581
04 Jan 2013 — Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image. Desbordamiento de búfer basado en pila en tif_dir.c en LibTIFF anteriores a v4.0.2, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de una etiqueta DOTRANGE manipulada en una imagen TIFF. • http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 26%CPEs: 16EXPL: 1CVE-2012-4564 – libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
https://notcve.org/view.php?id=CVE-2012-4564
11 Nov 2012 — ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. ppm2tiff no comprueba el valor devuelto por la función TIFFScanlineSize, lo que permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una image... • http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html • CWE-122: Heap-based Buffer Overflow •