CRITICAL9.3
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
Severity:
Closed issues (67)
CRITICAL9.3
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CCRITICAL9.3
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CCRITICAL9.3
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CCRITICAL9.3
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CCRITICAL9.3
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CCRITICAL9.3
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CCRITICAL9.3
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CCRITICAL9.3
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CCRITICAL9.3
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CCRITICAL9.3
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CMEDIUM4.3
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
MEDIUM4.3
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
MEDIUM4.3
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
MEDIUM4.3
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
MEDIUM5.0
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
MEDIUM5.0
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
MEDIUM5.0
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
MEDIUM4.3
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
MEDIUM5.0
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
MEDIUM4.3
Уязвимость операционной системы openSUSE, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
MEDIUM4.3
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать аварийное завершение работы приложения
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
MEDIUM4.3
Уязвимость библиотеки LibTIFF, позволяющая нарушителю получить несанкционированный доступ к устройству
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PReferences
MEDIUM4.3
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PMEDIUM6.8
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PReferences
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html
- http://rhn.redhat.com/errata/RHSA-2012-1590.html
- http://secunia.com/advisories/51133
- http://www.debian.org/security/2012/dsa-2575
- http://www.openwall.com/lists/oss-security/2012/11/02/3
- http://www.openwall.com/lists/oss-security/2012/11/02/7
- http://www.osvdb.org/86878
- http://www.securityfocus.com/bid/56372
- http://www.ubuntu.com/usn/USN-1631-1
- https://bugzilla.redhat.com/show_bug.cgi?id=871700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79750
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html
- http://rhn.redhat.com/errata/RHSA-2012-1590.html
- http://secunia.com/advisories/51133
- http://www.debian.org/security/2012/dsa-2575
- http://www.openwall.com/lists/oss-security/2012/11/02/3
- http://www.openwall.com/lists/oss-security/2012/11/02/7
- http://www.osvdb.org/86878
- http://www.securityfocus.com/bid/56372
- http://www.ubuntu.com/usn/USN-1631-1
- https://bugzilla.redhat.com/show_bug.cgi?id=871700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79750
CRITICAL9.3
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CReferences
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
- http://seclists.org/oss-sec/2013/q2/254
- http://secunia.com/advisories/53237
- http://secunia.com/advisories/53765
- http://www.debian.org/security/2013/dsa-2698
- http://www.securityfocus.com/bid/59609
- https://bugzilla.redhat.com/show_bug.cgi?id=952158
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
- http://seclists.org/oss-sec/2013/q2/254
- http://secunia.com/advisories/53237
- http://secunia.com/advisories/53765
- http://www.debian.org/security/2013/dsa-2698
- http://www.securityfocus.com/bid/59609
- https://bugzilla.redhat.com/show_bug.cgi?id=952158
CRITICAL9.3
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
CVSS 2.0CRITICAL 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:CReferences
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
- http://seclists.org/oss-sec/2013/q2/254
- http://secunia.com/advisories/53237
- http://secunia.com/advisories/53765
- http://www.debian.org/security/2013/dsa-2698
- http://www.securityfocus.com/bid/59607
- https://bugzilla.redhat.com/show_bug.cgi?id=952131
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
- http://seclists.org/oss-sec/2013/q2/254
- http://secunia.com/advisories/53237
- http://secunia.com/advisories/53765
- http://www.debian.org/security/2013/dsa-2698
- http://www.securityfocus.com/bid/59607
- https://bugzilla.redhat.com/show_bug.cgi?id=952131
MEDIUM6.8
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2449
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
- http://secunia.com/advisories/54543
- http://secunia.com/advisories/54628
- http://www.asmail.be/msg0055359936.html
- http://www.debian.org/security/2013/dsa-2744
- http://www.openwall.com/lists/oss-security/2013/08/10/2
- https://bugzilla.redhat.com/show_bug.cgi?id=995975
- http://bugzilla.maptools.org/show_bug.cgi?id=2449
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
- http://secunia.com/advisories/54543
- http://secunia.com/advisories/54628
- http://www.asmail.be/msg0055359936.html
- http://www.debian.org/security/2013/dsa-2744
- http://www.openwall.com/lists/oss-security/2013/08/10/2
- https://bugzilla.redhat.com/show_bug.cgi?id=995975
MEDIUM6.8
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2451
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
- http://secunia.com/advisories/54543
- http://secunia.com/advisories/54628
- http://www.debian.org/security/2013/dsa-2744
- http://www.securityfocus.com/bid/62082
- https://bugzilla.redhat.com/show_bug.cgi?id=996052
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2451
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
- http://secunia.com/advisories/54543
- http://secunia.com/advisories/54628
- http://www.debian.org/security/2013/dsa-2744
- http://www.securityfocus.com/bid/62082
- https://bugzilla.redhat.com/show_bug.cgi?id=996052
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.8
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2452
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
- https://bugzilla.redhat.com/show_bug.cgi?id=996468
- https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833
- http://bugzilla.maptools.org/show_bug.cgi?id=2452
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
- https://bugzilla.redhat.com/show_bug.cgi?id=996468
- https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833
MEDIUM6.5
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2484
- http://bugzilla.maptools.org/show_bug.cgi?id=2485
- http://bugzilla.maptools.org/show_bug.cgi?id=2486
- http://bugzilla.maptools.org/show_bug.cgi?id=2496
- http://bugzilla.maptools.org/show_bug.cgi?id=2497
- http://bugzilla.maptools.org/show_bug.cgi?id=2500
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
- http://www.debian.org/security/2015/dsa-3273
- http://www.openwall.com/lists/oss-security/2015/01/24/15
- http://www.securityfocus.com/bid/72323
- http://www.securitytracker.com/id/1032760
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2484
- http://bugzilla.maptools.org/show_bug.cgi?id=2485
- http://bugzilla.maptools.org/show_bug.cgi?id=2486
- http://bugzilla.maptools.org/show_bug.cgi?id=2496
- http://bugzilla.maptools.org/show_bug.cgi?id=2497
- http://bugzilla.maptools.org/show_bug.cgi?id=2500
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
- http://www.debian.org/security/2015/dsa-3273
- http://www.openwall.com/lists/oss-security/2015/01/24/15
- http://www.securityfocus.com/bid/72323
- http://www.securitytracker.com/id/1032760
- https://security.gentoo.org/glsa/201701-16
HIGH8.8
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2487
- http://bugzilla.maptools.org/show_bug.cgi?id=2488
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://openwall.com/lists/oss-security/2015/01/24/15
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
- http://www.securityfocus.com/bid/72352
- http://www.securitytracker.com/id/1032760
- https://bugzilla.redhat.com/show_bug.cgi?id=1185815
- https://security.gentoo.org/glsa/201701-16
- https://www.debian.org/security/2015/dsa-3273
- http://bugzilla.maptools.org/show_bug.cgi?id=2487
- http://bugzilla.maptools.org/show_bug.cgi?id=2488
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://openwall.com/lists/oss-security/2015/01/24/15
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
- http://www.securityfocus.com/bid/72352
- http://www.securitytracker.com/id/1032760
- https://bugzilla.redhat.com/show_bug.cgi?id=1185815
- https://security.gentoo.org/glsa/201701-16
- https://www.debian.org/security/2015/dsa-3273
MEDIUM6.5
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2483
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://openwall.com/lists/oss-security/2015/01/24/15
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
- http://www.securityfocus.com/bid/72353
- http://www.securitytracker.com/id/1032760
- https://bugzilla.redhat.com/show_bug.cgi?id=1185817
- https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2483
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://openwall.com/lists/oss-security/2015/01/24/15
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
- http://www.securityfocus.com/bid/72353
- http://www.securitytracker.com/id/1032760
- https://bugzilla.redhat.com/show_bug.cgi?id=1185817
- https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543
- https://security.gentoo.org/glsa/201701-16
MEDIUM5.0
Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2494
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://seclists.org/fulldisclosure/2014/Dec/97
- http://www.debian.org/security/2015/dsa-3273
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/71789
- http://www.securitytracker.com/id/1031442
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2494
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://seclists.org/fulldisclosure/2014/Dec/97
- http://www.debian.org/security/2015/dsa-3273
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/71789
- http://www.securitytracker.com/id/1031442
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.5
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://openwall.com/lists/oss-security/2015/02/07/5
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2015/dsa-3273
- http://www.debian.org/security/2016/dsa-3467
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- https://security.gentoo.org/glsa/201701-16
- http://openwall.com/lists/oss-security/2015/02/07/5
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2015/dsa-3273
- http://www.debian.org/security/2016/dsa-3467
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.5
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://openwall.com/lists/oss-security/2015/01/24/16
- http://openwall.com/lists/oss-security/2015/02/07/5
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2016/dsa-3467
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/73438
- https://security.gentoo.org/glsa/201701-16
- http://openwall.com/lists/oss-security/2015/01/24/16
- http://openwall.com/lists/oss-security/2015/02/07/5
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2016/dsa-3467
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/73438
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.5
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2016/dsa-3467
- http://www.openwall.com/lists/oss-security/2016/01/24/3
- http://www.openwall.com/lists/oss-security/2016/01/24/7
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/81730
- http://www.ubuntu.com/usn/USN-2939-1
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2016/dsa-3467
- http://www.openwall.com/lists/oss-security/2016/01/24/3
- http://www.openwall.com/lists/oss-security/2016/01/24/7
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/81730
- http://www.ubuntu.com/usn/USN-2939-1
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.5
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2522
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2016/dsa-3467
- http://www.openwall.com/lists/oss-security/2016/01/24/3
- http://www.openwall.com/lists/oss-security/2016/01/24/7
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/81730
- http://www.ubuntu.com/usn/USN-2939-1
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2522
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2016/dsa-3467
- http://www.openwall.com/lists/oss-security/2016/01/24/3
- http://www.openwall.com/lists/oss-security/2016/01/24/7
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/81730
- http://www.ubuntu.com/usn/USN-2939-1
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.5
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2522
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2016/dsa-3467
- http://www.openwall.com/lists/oss-security/2016/01/24/3
- http://www.openwall.com/lists/oss-security/2016/01/24/7
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/81730
- http://www.ubuntu.com/usn/USN-2939-1
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2522
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2016/dsa-3467
- http://www.openwall.com/lists/oss-security/2016/01/24/3
- http://www.openwall.com/lists/oss-security/2016/01/24/7
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/81730
- http://www.ubuntu.com/usn/USN-2939-1
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.5
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2508
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2016/dsa-3467
- http://www.openwall.com/lists/oss-security/2016/01/24/4
- http://www.openwall.com/lists/oss-security/2016/01/24/8
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/81696
- http://www.ubuntu.com/usn/USN-2939-1
- https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2508
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2016/dsa-3467
- http://www.openwall.com/lists/oss-security/2016/01/24/4
- http://www.openwall.com/lists/oss-security/2016/01/24/8
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/81696
- http://www.ubuntu.com/usn/USN-2939-1
- https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
- https://security.gentoo.org/glsa/201701-16
HIGH7.4
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
CVSS 2.0MEDIUM 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:PCVSS 3.xHIGH 7.4
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:HReferences
- http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz
- http://rhn.redhat.com/errata/RHSA-2017-0225.html
- http://www.floyd.ch/?p=874BMP
- http://www.securityfocus.com/bid/94717
- http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz
- http://rhn.redhat.com/errata/RHSA-2017-0225.html
- http://www.floyd.ch/?p=874BMP
- http://www.securityfocus.com/bid/94717
HIGH7.5
The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2570
- http://www.openwall.com/lists/oss-security/2016/04/07/2
- http://www.securitytracker.com/id/1035508
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2570
- http://www.openwall.com/lists/oss-security/2016/04/07/2
- http://www.securitytracker.com/id/1035508
- https://security.gentoo.org/glsa/201701-16
HIGH8.8
The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2565
- http://www.openwall.com/lists/oss-security/2016/04/07/3
- http://www.securitytracker.com/id/1035508
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2565
- http://www.openwall.com/lists/oss-security/2016/04/07/3
- http://www.securitytracker.com/id/1035508
- https://security.gentoo.org/glsa/201701-16
HIGH7.5
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2569
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/04/08/3
- http://www.securityfocus.com/bid/85952
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2569
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/04/08/3
- http://www.securityfocus.com/bid/85952
- https://security.gentoo.org/glsa/201701-16
HIGH7.5
The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2568
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/04/08/4
- http://www.securityfocus.com/bid/85956
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2568
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/04/08/4
- http://www.securityfocus.com/bid/85956
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.5
tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
HIGH7.5
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HHIGH7.8
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2549
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.openwall.com/lists/oss-security/2016/04/08/9
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/85953
- http://www.securityfocus.com/bid/85960
- https://bugzilla.redhat.com/show_bug.cgi?id=1325095
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2549
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.openwall.com/lists/oss-security/2016/04/08/9
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/85953
- http://www.securityfocus.com/bid/85960
- https://bugzilla.redhat.com/show_bug.cgi?id=1325095
- https://security.gentoo.org/glsa/201701-16
HIGH7.5
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
HIGH7.5
The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2547
- http://www.openwall.com/lists/oss-security/2016/04/08/13
- http://www.securityfocus.com/bid/93335
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2547
- http://www.openwall.com/lists/oss-security/2016/04/08/13
- http://www.securityfocus.com/bid/93335
- https://security.gentoo.org/glsa/201701-16
HIGH7.5
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2546
- http://www.debian.org/security/2017/dsa-3844
- http://www.openwall.com/lists/oss-security/2016/04/08/12
- http://www.securityfocus.com/bid/93331
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2546
- http://www.debian.org/security/2017/dsa-3844
- http://www.openwall.com/lists/oss-security/2016/04/08/12
- http://www.securityfocus.com/bid/93331
- https://security.gentoo.org/glsa/201701-16
HIGH7.8
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2545
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/04/08/6
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/85960
- https://bugzilla.redhat.com/show_bug.cgi?id=1325093
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2545
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/04/08/6
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/85960
- https://bugzilla.redhat.com/show_bug.cgi?id=1325093
- https://security.gentoo.org/glsa/201701-16
HIGH7.8
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2544
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/04/12/2
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/86000
- https://bugzilla.redhat.com/show_bug.cgi?id=1326246
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2544
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/04/12/2
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/86000
- https://bugzilla.redhat.com/show_bug.cgi?id=1326246
- https://security.gentoo.org/glsa/201701-16
HIGH7.8
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2543
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/04/12/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/85996
- https://bugzilla.redhat.com/show_bug.cgi?id=1326249
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2543
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html
- http://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://rhn.redhat.com/errata/RHSA-2016-1547.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/04/12/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/85996
- https://bugzilla.redhat.com/show_bug.cgi?id=1326249
- https://security.gentoo.org/glsa/201701-16
MEDIUM5.5
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2552
- http://www.securityfocus.com/bid/96049
- https://bugzilla.redhat.com/show_bug.cgi?id=1343407
- https://security.gentoo.org/glsa/201701-16
- https://usn.ubuntu.com/3606-1/
- http://bugzilla.maptools.org/show_bug.cgi?id=2552
- http://www.securityfocus.com/bid/96049
- https://bugzilla.redhat.com/show_bug.cgi?id=1343407
- https://security.gentoo.org/glsa/201701-16
- https://usn.ubuntu.com/3606-1/
HIGH8.8
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2554
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html
- http://www.openwall.com/lists/oss-security/2016/06/15/1
- http://www.openwall.com/lists/oss-security/2016/06/15/9
- http://www.openwall.com/lists/oss-security/2016/06/30/3
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/91195
- http://www.securityfocus.com/bid/91245
- https://bugzilla.redhat.com/show_bug.cgi?id=1346687
- https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
- https://security.gentoo.org/glsa/201701-16
- https://www.debian.org/security/2017/dsa-3762
- http://bugzilla.maptools.org/show_bug.cgi?id=2554
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html
- http://www.openwall.com/lists/oss-security/2016/06/15/1
- http://www.openwall.com/lists/oss-security/2016/06/15/9
- http://www.openwall.com/lists/oss-security/2016/06/30/3
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/91195
- http://www.securityfocus.com/bid/91245
- https://bugzilla.redhat.com/show_bug.cgi?id=1346687
- https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
- https://security.gentoo.org/glsa/201701-16
- https://www.debian.org/security/2017/dsa-3762
MEDIUM5.5
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/06/15/2
- http://www.securityfocus.com/bid/91204
- https://bugzilla.redhat.com/show_bug.cgi?id=1346694
- https://security.gentoo.org/glsa/201701-16
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/06/15/2
- http://www.securityfocus.com/bid/91204
- https://bugzilla.redhat.com/show_bug.cgi?id=1346694
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.5
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/06/15/3
- http://www.securityfocus.com/bid/91203
- https://security.gentoo.org/glsa/201701-16
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/06/15/3
- http://www.securityfocus.com/bid/91203
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.5
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://www.openwall.com/lists/oss-security/2016/04/27/6
- http://www.openwall.com/lists/oss-security/2016/06/07/1
- http://www.securityfocus.com/bid/88604
- https://security.gentoo.org/glsa/201701-16
- https://usn.ubuntu.com/3606-1/
- http://www.openwall.com/lists/oss-security/2016/04/27/6
- http://www.openwall.com/lists/oss-security/2016/06/07/1
- http://www.securityfocus.com/bid/88604
- https://security.gentoo.org/glsa/201701-16
- https://usn.ubuntu.com/3606-1/
MEDIUM6.5
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://www.openwall.com/lists/oss-security/2016/04/27/6
- http://www.openwall.com/lists/oss-security/2016/06/07/1
- http://www.securityfocus.com/bid/88604
- https://security.gentoo.org/glsa/201701-16
- http://www.openwall.com/lists/oss-security/2016/04/27/6
- http://www.openwall.com/lists/oss-security/2016/06/07/1
- http://www.securityfocus.com/bid/88604
- https://security.gentoo.org/glsa/201701-16
MEDIUM6.5
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.securityfocus.com/bid/91209
- https://security.gentoo.org/glsa/201701-16
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.securityfocus.com/bid/91209
- https://security.gentoo.org/glsa/201701-16
MEDIUM5.5
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/06/15/2
- http://www.securityfocus.com/bid/91204
- http://www.securityfocus.com/bid/91205
- https://bugzilla.redhat.com/show_bug.cgi?id=1346694
- https://security.gentoo.org/glsa/201701-16
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/06/15/2
- http://www.securityfocus.com/bid/91204
- http://www.securityfocus.com/bid/91205
- https://bugzilla.redhat.com/show_bug.cgi?id=1346694
- https://security.gentoo.org/glsa/201701-16
HIGH7.5
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HReferences
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/06/15/6
- http://www.securityfocus.com/bid/91196
- https://security.gentoo.org/glsa/201701-16
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/06/15/6
- http://www.securityfocus.com/bid/91196
- https://security.gentoo.org/glsa/201701-16
CRITICAL9.1
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
CVSS 2.0MEDIUM 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:PCVSS 3.xCRITICAL 9.1
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HReferences
- http://libtiff.maptools.org/v4.0.7.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/07/13/3
- http://www.openwall.com/lists/oss-security/2016/07/14/4
- http://www.securityfocus.com/bid/91741
- https://security.gentoo.org/glsa/201701-16
- http://libtiff.maptools.org/v4.0.7.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/07/13/3
- http://www.openwall.com/lists/oss-security/2016/07/14/4
- http://www.securityfocus.com/bid/91741
- https://security.gentoo.org/glsa/201701-16
HIGH7.8
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2579
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/11/19/1
- http://www.securityfocus.com/bid/94406
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2579
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/11/19/1
- http://www.securityfocus.com/bid/94406
- https://security.gentoo.org/glsa/201701-16
MEDIUM5.5
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2592
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/11/11/14
- http://www.openwall.com/lists/oss-security/2016/11/21/1
- http://www.openwall.com/lists/oss-security/2016/11/22/1
- http://www.securityfocus.com/bid/94424
- https://bugzilla.redhat.com/show_bug.cgi?id=1397726
- https://security.gentoo.org/glsa/201701-16
- http://bugzilla.maptools.org/show_bug.cgi?id=2592
- http://www.debian.org/security/2017/dsa-3762
- http://www.openwall.com/lists/oss-security/2016/11/11/14
- http://www.openwall.com/lists/oss-security/2016/11/21/1
- http://www.openwall.com/lists/oss-security/2016/11/22/1
- http://www.securityfocus.com/bid/94424
- https://bugzilla.redhat.com/show_bug.cgi?id=1397726
- https://security.gentoo.org/glsa/201701-16
HIGH8.8
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://bugzilla.maptools.org/show_bug.cgi?id=2500
- https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159
- https://sourceforge.net/p/graphicsmagick/bugs/540/
- http://bugzilla.maptools.org/show_bug.cgi?id=2500
- https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159
- https://sourceforge.net/p/graphicsmagick/bugs/540/