CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0562 – libtiff: Null source pointer lead to Denial of Service via crafted TIFF file
https://notcve.org/view.php?id=CVE-2022-0562
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. Un puntero fuente null pasado como argumento a la función memcpy() dentro de TIFFReadDirectory() en tif_dirread.c en libtiff versiones desde la 4.0 hasta 4.3.0, podría conllevar a una denegación de servicio por medio de un archivo TIFF diseñado. Para usuarios que compilan libtiff a partir de las fuentes, una corrección está disponible con el commit 561599c A flaw was found in libtiff where a NULL source pointer passed as an argument to the memcpy() function within the TIFFReadDirectory() in tif_dirread.c. This flaw allows an attacker to exploit this vulnerability via a crafted TIFF file, causing a crash and leading to a denial of service. • https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json https://gitlab.com/libtiff/libtiff/-/issues/362 https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM https://security.gentoo.org/glsa/202210-10 https://security.netapp.com/advisory/ • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-35524 – libtiff: Heap-based buffer overflow in TIFF2PDF tool
https://notcve.org/view.php?id=CVE-2020-35524
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un error de desbordamiento de búfer en la región heap de la memoria en libtiff en el manejo de imágenes TIFF en la herramienta TIFF2PDF de libtiff. Un archivo TIFF especialmente diseñado puede conllevar a una ejecución de código arbitraria. • https://bugzilla.redhat.com/show_bug.cgi?id=1932044 https://gitlab.com/libtiff/libtiff/-/merge_requests/159 https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22 https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG https://security.gentoo.org/glsa/202104-06 https://security.netapp.com/advisory/ntap-20210521-0009 https://www.debian.org/se • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35522 – libtiff: Memory allocation failure in tiff2rgba
https://notcve.org/view.php?id=CVE-2020-35522
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. En LibTIFF, se presenta un fallo de memoria malloc en el archivo tif_pixarlog.c. Un documento TIFF diseñado puede conllevar a un aborto, resultando en un ataque de denegación de servicio remota • https://bugzilla.redhat.com/show_bug.cgi?id=1932037 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG https://security.gentoo.org/glsa/202104-06 https://security.netapp.com/advisory/ntap-20210521-0009 https://access.redhat.com/security/cve/CVE-2020-35522 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-35521 – libtiff: Memory allocation failure in tiff2rgba
https://notcve.org/view.php?id=CVE-2020-35521
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. Se encontró un fallo en libtiff. Debido a un fallo en la asignación de memoria en el archivo tif_read.c, un archivo TIFF diseñado puede provocar un aborto, resultando en una denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=1932034 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG https://security.gentoo.org/glsa/202104-06 https://security.netapp.com/advisory/ntap-20210521-0009 https://access.redhat.com/security/cve/CVE-2020-35521 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-35523 – libtiff: Integer overflow in tif_getimage.c
https://notcve.org/view.php?id=CVE-2020-35523
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de desbordamiento de enteros en libtiff que existe en el archivo tif_getimage.c. Este fallo permite a un atacante inyectar y ejecutar código arbitrario cuando un usuario abre un archivo TIFF diseñado. • https://bugzilla.redhat.com/show_bug.cgi?id=1932040 https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 https://gitlab.com/libtiff/libtiff/-/merge_requests/160 https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG https://security.gentoo.org/glsa/202104-06 https://security.netapp.com/advisory/ntap-20210521-0009 https://www.debian.org/ • CWE-190: Integer Overflow or Wraparound •