CVSS: 7.8EPSS: 1%CPEs: 24EXPL: 0CVE-2024-7006 – Libtiff: null pointer dereference in tif_dirinfo.c
https://notcve.org/view.php?id=CVE-2024-7006
08 Aug 2024 — A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. USN-6997-1 fixed a vulnerability in LibTIFF. This update provides the corresponding updates for Ubuntu 14.04 LTS. • https://access.redhat.com/security/cve/CVE-2024-7006 • CWE-476: NULL Pointer Dereference CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 0CVE-2023-52356 – Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service
https://notcve.org/view.php?id=CVE-2023-52356
25 Jan 2024 — A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. Se encontró un fallo de falla de segmento (SEGV) en libtiff que podría activarse al pasar un archivo tiff diseñado a la API TIFFReadRGBATileExt(). Este fallo permite que un atacante remoto provoque un desbordamiento de búfer en la región Heap de la memoria, lo que lleva a u... • https://access.redhat.com/security/cve/CVE-2023-52356 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-52355 – Libtiff: tiffrasterscanlinesize64 produce too-big size and could cause oom
https://notcve.org/view.php?id=CVE-2023-52355
25 Jan 2024 — An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Se encontró un fallo de falta de memoria en libtiff que podría activarse al pasar un archivo tiff diseñado a la API TIFFRasterScanlineSize64(). Este fallo permite que un atacante remoto provoque una denegación de servicio a través de una entrada manipulada c... • https://access.redhat.com/security/cve/CVE-2023-52355 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6228 – Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c
https://notcve.org/view.php?id=CVE-2023-6228
18 Dec 2023 — An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. Se encontró un problema en la utilidad tiffcp distribuida por el paquete libtiff donde un archivo TIFF manipulado durante el procesamiento puede provocar un desbordamiento de búfer de almacenamiento dinámico y provocar un bloqueo de la aplicación. USN-6644-1 fixed vulnerabilities in LibTIFF. This update provides the correspo... • https://access.redhat.com/errata/RHSA-2024:2289 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 1CVE-2023-6277 – Libtiff: out-of-memory in tiffopen via a craft file
https://notcve.org/view.php?id=CVE-2023-6277
24 Nov 2023 — An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. Se encontró un error de falta de memoria en libtiff. Pasar un archivo tiff manipulado a la API TIFFOpen() puede permitir que un atacante remoto provoque una denegación de servicio a través de una entrada artesanal con un tamaño inferior a 379 KB. USN-6644-1 fixed vulnerabilities in LibTIFF. • https://access.redhat.com/security/cve/CVE-2023-6277 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3164 – Heap-buffer-overflow in extractimagesection()
https://notcve.org/view.php?id=CVE-2023-3164
02 Nov 2023 — A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. Se encontró un error de lectura fuera de los límites en el paquete gawk de buildin.c. Este problema puede provocar un bloqueo y podría utilizarse para leer información confidencial. It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations, leading to... • https://access.redhat.com/security/cve/CVE-2023-3164 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41175 – Libtiff: potential integer overflow in raw2tiff.c
https://notcve.org/view.php?id=CVE-2023-41175
05 Oct 2023 — A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Se encontró una vulnerabilidad en libtiff debido a múltiples posibles desbordamientos de enteros en raw2tiff.c. Esta falla permite a atacantes remotos provocar una denegación de servicio o posiblemente ejecutar un código arbitrario a través de ... • https://access.redhat.com/errata/RHSA-2024:2289 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40745 – Libtiff: integer overflow in tiffcp.c
https://notcve.org/view.php?id=CVE-2023-40745
05 Oct 2023 — LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. LibTIFF es vulnerable a un desbordamiento de enteros. Esta falla permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar un código arbitrario a través de una imagen tiff manipulada, lo que desencadena un desbordamient... • https://access.redhat.com/errata/RHSA-2024:2289 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3576 – Libtiff: memory leak in tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-3576
04 Oct 2023 — A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. Se encontró una falla de pérdida de memoria en la utilidad tiffcrop de Libatiff. Este problema se produce cuando tiffcrop opera en un archivo de imagen TIFF, lo que permite a un atacante pasar un archi... • https://access.redhat.com/errata/RHSA-2023:6575 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40090 – libtiff: infinite loop via a crafted TIFF file
https://notcve.org/view.php?id=CVE-2022-40090
22 Aug 2023 — An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. Se ha descubierto un problema en la función TIFFReadDirectory de libtiff anterior a 4.4.0 que permite a los atacantes provocar una denegación de servicio a través de un archivo TIFF manipulado. A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop... • https://gitlab.com/libtiff/libtiff/-/issues/455 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •