Lucene search
+L

6592 matches found

RedHat Linux
RedHat Linux
added 2026/06/10 7:50 a.m.13 views

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

7.8CVSS5.9AI score0.00553EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/10 7:50 a.m.14 views

Important: Red Hat Security Advisory: compat-libtiff3 security update

An update for compat-libtiff3 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS6AI score0.00553EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 10:23 a.m.9 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload through the image decoding process. An attacker can cause the server process to crash by uploading a specially crafted TIFF file that triggers excessive memory allocation. Remediation Upgrade...

7.1CVSS5.4AI score0.00479EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 9:16 a.m.15 views

CVE-2026-33582

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...

6.5CVSS0.00479EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 7:34 a.m.8 views

CVE-2026-33582 Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...

5.4AI score0.00479EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 7:34 a.m.45 views

CVE-2026-33582

The CVE-2026-33582 issue affects Apache Answer up to version 2.0.0, where a crafted TIFF image can trigger excessive memory allocation during decoding, allowing an authenticated user to crash the server process. Upgrade to version 2.0.1 to fix the issue. The reported CVSS vector indicates MEDIUM ...

6.5CVSS5.4AI score0.00479EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/09 7:34 a.m.40 views

CVE-2026-33582 Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...

0.00479EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 7:34 a.m.2 views

CVE-2026-33582 Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...

6.5CVSS5.9AI score0.00479EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2026/06/09 12:0 a.m.15 views

Adobe Acrobat Reader DC TIF File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS5.9AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47715

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description An unrestricted upload of files with dangerous types allows an authenticated user to cause a server process crash. This occurs when a crafted TIFF image triggers excessive memory allocation...

6.5CVSS5.2AI score0.00479EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/08 8:59 p.m.16 views

CVE-2026-46599

A flaw was found in the golang.org/x/image/tiff package's TIFF decoder. This vulnerability occurs because the decoder does not properly limit the size of PackBits-compressed data. A remote attacker could exploit this by providing a maliciously-crafted image, leading to the decoder processing...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

6.5CVSS5.5AI score0.00245EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.12 views

MiracleLinux 8 : compat-libtiff3-3.9.4-15.el8_10 (AXSA:2026-739:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-739:01 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...

7.8CVSS6.3AI score0.00553EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.11 views

Ubuntu 14.04 LTS / 16.04 LTS : GDAL vulnerability (USN-8345-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8345-1 advisory. It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly...

8.8CVSS6.7AI score0.00739EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2026-46599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in ter...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/29 9:14 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...

8.7CVSS5.8AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 9:14 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...

8.7CVSS5.8AI score0.00353EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 8:16 p.m.10 views

DEBIAN-CVE-2026-46599

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 7:35 p.m.48 views

CVE-2026-46599

The CVE-2026-46599 entry corresponds to excessive resource consumption in the TIFF PackBits decompression in golang.org/x/image/tiff. The root cause is that the TIFF decoder does not place a limit on the size of PackBits-compressed data, enabling a malicious image (even small in dimensions) to dr...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:35 p.m.13 views

CVE-2026-46599

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

5.8AI score0.00353EPSS
Exploits0References5
Rows per page
Query Builder