11 matches found
F5 Networks BIG-IP : LibTIFF vulnerability (K70117303)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K70117303 advisory. LibTIFF 3.9.3, 3.9.4, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta,...
Oracle Linux 7 : libtiff (ELSA-2019-2053)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2053 advisory. - Fix compiler warning introduced by patch for CVE-2018-18661 - Fix CVE-2016-3186 - Fix CVE-2018-7456 - Fix CVE-2018-8905 - Fix CVE-2018-10779 - Fix...
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2020-1447)
The remote host is missing an update for the Huawei EulerOS...
Medium: libtiff
Issue Overview: Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. (CVE-2016-3186) An integer overflow has been discovered in libtiff in TIFFSetupStrips:tifwrite.c, which could le...
Vulnerability in the JBIGDecode function of LibTIFF, a library for viewing, editing, and converting TIFF files, involving writes beyond the buffer boundary, which allows attackers to cause a denial of service or execute arbitrary code.
The vulnerability in the JBIGDecode function (“tifjbig.c”) of LibTIFF, a library for viewing, editing, and converting TIFF files, stems from errors that allow write operations beyond the buffer boundary. Exploiting this vulnerability can enable an attacker to cause...
[ASA-201811-17] libtiff: multiple issues
Arch Linux Security Advisory ASA-201811-17 ========================================== Severity: High Date : 2018-11-20 CVE-ID : CVE-2017-9935 CVE-2017-11613 CVE-2018-18557 CVE-2018-18661 Package : libtiff Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-790 Summary...
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer / libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. The issue occurs because JBIGDecode entirely ignores the size of the buffer that is passed to it: static int JBIGDecodeTI...
Buffer Overflow
libtiff.so is vulnerable to buffer overflow. When JBIG is enabled, the JBIGDecode function in tifjbig.c ignores the buffer size when decoding JBIG objects with arbitrary size, which can lead to an out-of-bounds write...
Out-of-bounds
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 with JBIG enabled decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tifjbig.c...
CVE-2018-18557
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 with JBIG enabled decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tifjbig.c...
CVE-2018-18557
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 with JBIG enabled decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tifjbig.c...