K45593826: LibTIFF vulnerabilities CVE-2015-8870, CVE-2016-5652, CVE-2016-9536, CVE-2016-9537, and CVE-2016-9540

Security Advisory Description CVE-2015-8870 Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service heap-based buffer over-read, or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or...

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service DoS attacks. A malicious user can pass a tiff file to the t2preadwritepdfimagetile function in tiff2pdf.c to cause a invalid memory read that can crash the application...

Denial Of Service (DoS) Through Heap Buffer Overflow

libtiff.so is vulnerable to denial of service DoS through heap-based buffer overflow attacks. The vulnerability exists in the t2preadtiffdata function of tiff2pdf.c when processing a PlanarConfig=Contig image can cause an out-of-bounds write, causing a DoS attack...

Out-of-bounds

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tifnext.c to verify that the BitsPerSample value is 2, and the t2psamplelabsignedtounsigned function in tiff2pdf...

CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tifnext.c to verify that the BitsPerSample value is 2, and the t2psamplelabsignedtounsigned function in tiff2pdf...

CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tifnext.c to verify that the BitsPerSample value is 2, and the t2psamplelabsignedtounsigned function in tiff2pdf...

CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tifnext.c to verify that the BitsPerSample value is 2, and the t2psamplelabsignedtounsigned function in tiff2pdf...

LibTIFF Memory Misreference Vulnerability

Libtiff is a library for reading and writing Tagged Image File Format abbreviated TIFF files. A memory misreference vulnerability exists in the t2pwriteproc function in tiff2pdf.c in LibTIFF. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service...

Heap overflow

There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write related to the ZIPDecode function in tifzip.c. A crafted input may lead to a remote denial of service attack or an arbitrary...

CVE-2017-11335

There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write related to the ZIPDecode function in tifzip.c. A crafted input may lead to a remote denial of service attack or an arbitrary...

Heap overflow

tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2pprocessjpegstrip. Reported as MSVR 35098, aka "t2pprocessjpegstrip heap-buffer-overflow."...

LibTIFF 'tiff2pdf.c' Denial of Service Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A denial of service vulnerability exists in LibTIFF 'tiff2pdf.c', which can be exploited by ...