LibTIFF Buffer Overflow Vulnerability (CNVD-2018-14919)

Libtiff is a library for reading and writing Tagged Image File Format abbreviated TIFF files. A buffer overflow vulnerability exists in TIFFRGBAImageOK in tifgetimage.c in LibTIFF 4.0.9. An attacker can exploit this vulnerability to cause a denial of service via TIFFReadRGBAImage, TIFFRGBAImageOK...

LibTIFF Buffer Overflow Vulnerability (CNVD-2018-14918)

Libtiff is a library for reading and writing Tagged Image File Format abbreviated TIFF files. A buffer overflow vulnerability exists in the unixErrorHandler in tifunix.c in LibTIFF 4.0.9. An attacker can exploit this vulnerability via TIFFClientOpen, TIFFFdOpen, TIFFRawStripSize, TIFFCheckTile,...

LibTIFF Buffer Overflow Vulnerability (CNVD-2018-14917)

Libtiff is a library for reading and writing Tagged Image File Format abbreviated TIFF files. A buffer overflow vulnerability exists in TIFFFindField in tifdirinfo.c in LibTIFF 4.0.9. An attacker can exploit this vulnerability via TIFFVGetField, TIFFVGetFieldDefaulted, TIFFVStripSize,...

[SECURITY] Fedora 28 Update: mingw-libtiff-4.0.9-1.fc28

The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

Little CMS out-of-bounds write vulnerability (CNVD-2018-16277)

Little CMS is a small color management engine. An out-of-bounds write vulnerability exists in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a in tificc in Little CMS 2.9. An attacker can exploit this vulnerability to cause an out-of-bounds write via a specially crafted TIFF file...

Memory Corruption Vulnerability in Nikon ViewNX-i in Japan

Nikon is a famous camera manufacturer in Japan.ViewNX-i is an image processing software from Nikon. A memory corruption vulnerability exists in Nikon ViewNX-i when processing TIFF images. An attacker can cause the program to crash by constructing a malformed TIFF image, which if successfully...

PT-2018-16255 · Talos +1 · Computerinsel Photoline +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a...

USN-3602-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...

DEBIAN-CVE-2017-18229

An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile...

GraphicsMagick Assignment Failure Vulnerability

GraphicsMagick has been called the Swiss Army Knife of image processing. The short and compact code provides a robust and efficient collection of tools and libraries to handle reading, writing and manipulating images, supporting over 88 image formats, including the important DPX, GIF, JPEG,...

DEBIAN-CVE-2018-7728

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFFHandler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update function in third-party/zuid/interfaces/MD5.cpp...

Silicon Graphics LibTIFF 'TIFFPrintDirectory' Function Null Pointer Dereference Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A security vulnerability exists in the 'TIFFPrintDirectory' function of the tifprint.c file ...

Acme CADSee Handles TIFF Files with Denial of Service Vulnerability

Acme CADSee is a specialized viewer for CAD drawing files. Acme CADSee suffers from a memory corruption vulnerability when handling TIFF format files, which can cause an attacker to crash the program by constructing a TIFF format file, and if successfully exploited, can cause arbitrary code...

PYSEC-2017-141

Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file...

ImageMagick memory leak vulnerability (CNVD-2018-00100)

ImageMagick is a software for creating, editing, and compositing images that can read, convert, and write images in many formats. A memory leak vulnerability exists in the GetImagePixelCache function in magick/cache.c in ImageMagick version 7.0.7-12 Q16. An attacker can exploit this vulnerability...

IrfanView buffer overflow vulnerability (CNVD-2017-32317)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion and more. A buffer overflow vulnerability exists in IrfanView version 4.50 64-bit. A remote attacker can exploit this...

libTIFF: Multiple vulnerabilities

Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the referenced...

DEBIAN-CVE-2017-14528

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service use-after-free after an invalid call to TIFFSetField,...

ImageMagick Remote Code Execution Vulnerability (CNVD-2017-25059)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A remote code execution vulnerability exists in the 'ReadOneMNGImage' function in the coders/png.c file in versions of...

PT-2017-4104 · Imagemagick +4 · Imagemagick +4

Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.6-6 Description: A memory exhaustion issue was found in the ReadTIFFImage function, allowing attackers to cause a denial of service. The vulnerability is related to an error in the resource control mechanism, which can...