All the vulnerabilites related to libtiff - libtiff
cve-2022-0907
Vulnerability from cvelistv5
Published
2022-03-11 00:00
Modified
2024-08-02 23:47
Summary
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/392"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json"
          },
          {
            "name": "DSA-5108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5108"
          },
          {
            "name": "FEDORA-2022-e2996202a0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
          },
          {
            "name": "FEDORA-2022-c39720a0ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220506-0002/"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "=4.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Vulnerability in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/392"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/314"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json"
        },
        {
          "name": "DSA-5108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5108"
        },
        {
          "name": "FEDORA-2022-e2996202a0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
        },
        {
          "name": "FEDORA-2022-c39720a0ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220506-0002/"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-0907",
    "datePublished": "2022-03-11T00:00:00",
    "dateReserved": "2022-03-10T00:00:00",
    "dateUpdated": "2024-08-02T23:47:42.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-1916
Vulnerability from cvelistv5
Published
2023-04-10 00:00
Modified
2024-08-02 06:05
Severity ?
Summary
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:05:26.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/536%2C"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/537"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213844"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff versions 4.x and newer are affected"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-23T07:06:24.612122",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/536%2C"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/537"
        },
        {
          "url": "https://support.apple.com/kb/HT213844"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-1916",
    "datePublished": "2023-04-10T00:00:00",
    "dateReserved": "2023-04-06T00:00:00",
    "dateUpdated": "2024-08-02T06:05:26.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7554
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-08-06 07:51
Severity ?
Summary
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:28.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "openSUSE-SU-2016:0212",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00078.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "79699",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79699"
          },
          {
            "name": "openSUSE-SU-2016:0215",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00081.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "20151226 libtiff: invalid write (CVE-2015-7554)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/537205/100/0/threaded"
          },
          {
            "name": "20151226 libtiff: invalid write (CVE-2015-7554)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Dec/119"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/135078/libtiff-4.0.6-Invalid-Write.html"
          },
          {
            "name": "openSUSE-SU-2016:0252",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00100.html"
          },
          {
            "name": "[oss-security] 20151226 libtiff: invalid write (CVE-2015-7554)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/26/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "openSUSE-SU-2016:0212",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00078.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "79699",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79699"
        },
        {
          "name": "openSUSE-SU-2016:0215",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00081.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "20151226 libtiff: invalid write (CVE-2015-7554)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/537205/100/0/threaded"
        },
        {
          "name": "20151226 libtiff: invalid write (CVE-2015-7554)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Dec/119"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/135078/libtiff-4.0.6-Invalid-Write.html"
        },
        {
          "name": "openSUSE-SU-2016:0252",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00100.html"
        },
        {
          "name": "[oss-security] 20151226 libtiff: invalid write (CVE-2015-7554)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/26/7"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-7554",
    "datePublished": "2016-01-08T19:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:28.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7598
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
References
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashesx_refsource_MISC
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/97499vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:12.046Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
          },
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "97499",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97499"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
        },
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "97499",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97499"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7598",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
            },
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "97499",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97499"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7598",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:12.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-9117
Vulnerability from cvelistv5
Published
2017-05-21 19:00
Modified
2024-08-05 16:55
Severity ?
Summary
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.
References
https://usn.ubuntu.com/3606-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/98581vdb-entry, x_refsource_BID
http://bugzilla.maptools.org/show_bug.cgi?id=2690x_refsource_MISC
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:55:22.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "name": "98581",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98581"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2690"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "name": "98581",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98581"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2690"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9117",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "98581",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98581"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2690",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2690"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9117",
    "datePublished": "2017-05-21T19:00:00",
    "dateReserved": "2017-05-21T00:00:00",
    "dateUpdated": "2024-08-05T16:55:22.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4232
Vulnerability from cvelistv5
Published
2013-09-10 19:00
Modified
2024-08-06 16:38
Severity ?
Summary
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.
References
http://bugzilla.maptools.org/show_bug.cgi?id=2449x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0223.htmlvendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=995975x_refsource_CONFIRM
http://www.debian.org/security/2013/dsa-2744vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/54543third-party-advisory, x_refsource_SECUNIA
http://www.asmail.be/msg0055359936.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/54628third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2013/08/10/2mailing-list, x_refsource_MLIST
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2449"
          },
          {
            "name": "RHSA-2014:0223",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995975"
          },
          {
            "name": "DSA-2744",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2744"
          },
          {
            "name": "54543",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54543"
          },
          {
            "name": "[tiff] 20130801 Vulnerabilities in libtiff 4.0.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.asmail.be/msg0055359936.html"
          },
          {
            "name": "54628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54628"
          },
          {
            "name": "[oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows  and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/08/10/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-29T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2449"
        },
        {
          "name": "RHSA-2014:0223",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995975"
        },
        {
          "name": "DSA-2744",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2744"
        },
        {
          "name": "54543",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54543"
        },
        {
          "name": "[tiff] 20130801 Vulnerabilities in libtiff 4.0.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.asmail.be/msg0055359936.html"
        },
        {
          "name": "54628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54628"
        },
        {
          "name": "[oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows  and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/08/10/2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4232",
    "datePublished": "2013-09-10T19:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6128
Vulnerability from cvelistv5
Published
2019-01-11 05:00
Modified
2024-08-04 20:16
Severity ?
Summary
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:23.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3906-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2836"
          },
          {
            "name": "USN-3906-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-2/"
          },
          {
            "name": "openSUSE-SU-2019:1161",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8"
          },
          {
            "name": "20191104 [slackware-security] libtiff (SSA:2019-308-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
          },
          {
            "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
          },
          {
            "name": "GLSA-202003-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T16:06:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3906-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2836"
        },
        {
          "name": "USN-3906-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-2/"
        },
        {
          "name": "openSUSE-SU-2019:1161",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8"
        },
        {
          "name": "20191104 [slackware-security] libtiff (SSA:2019-308-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
        },
        {
          "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
        },
        {
          "name": "GLSA-202003-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-25"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-6128",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3906-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2836",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2836"
            },
            {
              "name": "USN-3906-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-2/"
            },
            {
              "name": "openSUSE-SU-2019:1161",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/libtiff/libtiff/commit/0c74a9f49b8d7a36b17b54a7428b3526d20f88a8"
            },
            {
              "name": "20191104 [slackware-security] libtiff (SSA:2019-308-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/5"
            },
            {
              "name": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
            },
            {
              "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
            },
            {
              "name": "GLSA-202003-25",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-25"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-6128",
    "datePublished": "2019-01-11T05:00:00",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:16:23.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5318
Vulnerability from cvelistv5
Published
2017-01-20 15:00
Modified
2024-08-06 01:00
Severity ?
Summary
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
References
https://usn.ubuntu.com/3606-1/vendor-advisory, x_refsource_UBUNTU
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/88604vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2016/04/27/6mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/06/07/1mailing-list, x_refsource_MLIST
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:59.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "88604",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/88604"
          },
          {
            "name": "[oss-security] 20160427 3 bugs refer to buffer overflow in in libtiff 4.0.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/27/6"
          },
          {
            "name": "[oss-security] 20160606 3 bugs refer to buffer overflow in in libtiff 4.0.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/07/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "88604",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/88604"
        },
        {
          "name": "[oss-security] 20160427 3 bugs refer to buffer overflow in in libtiff 4.0.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/27/6"
        },
        {
          "name": "[oss-security] 20160606 3 bugs refer to buffer overflow in in libtiff 4.0.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/07/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5318",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "88604",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/88604"
            },
            {
              "name": "[oss-security] 20160427 3 bugs refer to buffer overflow in in libtiff 4.0.6",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/27/6"
            },
            {
              "name": "[oss-security] 20160606 3 bugs refer to buffer overflow in in libtiff 4.0.6",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/07/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5318",
    "datePublished": "2017-01-20T15:00:00",
    "dateReserved": "2016-06-06T00:00:00",
    "dateUpdated": "2024-08-06T01:00:59.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10270
Vulnerability from cvelistv5
Published
2017-03-24 19:00
Modified
2024-08-06 03:14
Severity ?
Summary
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:14:42.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
          },
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "97200",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97200"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 8\" and libtiff/tif_read.c:523:22."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
        },
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "97200",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97200"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 8\" and libtiff/tif_read.c:523:22."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
            },
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "97200",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97200"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018",
              "refsource": "MISC",
              "url": "https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10270",
    "datePublished": "2017-03-24T19:00:00",
    "dateReserved": "2017-03-24T00:00:00",
    "dateUpdated": "2024-08-06T03:14:42.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3990
Vulnerability from cvelistv5
Published
2016-09-21 18:00
Modified
2024-08-06 00:10
Severity ?
Summary
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:10:32.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "86000",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86000"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2544"
          },
          {
            "name": "[oss-security] 20160412 CVE-2016-3990 : out-of-bounds write in horizontalDifference8() in tiffcp tool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/12/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "openSUSE-SU-2016:2275",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326246"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "86000",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/86000"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2544"
        },
        {
          "name": "[oss-security] 20160412 CVE-2016-3990 : out-of-bounds write in horizontalDifference8() in tiffcp tool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/12/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "openSUSE-SU-2016:2275",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326246"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "86000",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/86000"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2544",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2544"
            },
            {
              "name": "[oss-security] 20160412 CVE-2016-3990 : out-of-bounds write in horizontalDifference8() in tiffcp tool",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/12/2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "openSUSE-SU-2016:2275",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326246",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326246"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3990",
    "datePublished": "2016-09-21T18:00:00",
    "dateReserved": "2016-04-08T00:00:00",
    "dateUpdated": "2024-08-06T00:10:32.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3597
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Summary
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:01.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/413"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230110-0001/"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/413"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230110-0001/"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-3597",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-19T00:00:00",
    "dateUpdated": "2024-08-03T01:14:01.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3624
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1.
References
http://www.openwall.com/lists/oss-security/2016/04/08/4mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/85956vdb-entry, x_refsource_BID
http://bugzilla.maptools.org/show_bug.cgi?id=2568x_refsource_MISC
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160408 CVE-2016-3624 libtiff: Out-of-bounds Write in the rgb2ycbcr tool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/08/4"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "85956",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85956"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2568"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the \"-v\" option to -1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20160408 CVE-2016-3624 libtiff: Out-of-bounds Write in the rgb2ycbcr tool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/08/4"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "85956",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85956"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2568"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3624",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the \"-v\" option to -1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160408 CVE-2016-3624 libtiff: Out-of-bounds Write in the rgb2ycbcr tool",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/08/4"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "85956",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85956"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2568",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2568"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3624",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-21T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5317
Vulnerability from cvelistv5
Published
2017-01-20 15:00
Modified
2024-08-06 01:01
Severity ?
Summary
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:01:00.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "91208",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91208"
          },
          {
            "name": "openSUSE-SU-2016:2321",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"
          },
          {
            "name": "[oss-security] 20160614 CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/15/10"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "openSUSE-SU-2016:1889",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"
          },
          {
            "name": "[oss-security] 20160615 CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/15/5"
          },
          {
            "name": "openSUSE-SU-2016:2375",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "91208",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91208"
        },
        {
          "name": "openSUSE-SU-2016:2321",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"
        },
        {
          "name": "[oss-security] 20160614 CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/15/10"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "openSUSE-SU-2016:1889",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"
        },
        {
          "name": "[oss-security] 20160615 CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/15/5"
        },
        {
          "name": "openSUSE-SU-2016:2375",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5317",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "91208",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91208"
            },
            {
              "name": "openSUSE-SU-2016:2321",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"
            },
            {
              "name": "[oss-security] 20160614 CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/15/10"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "openSUSE-SU-2016:1889",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"
            },
            {
              "name": "[oss-security] 20160615 CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/15/5"
            },
            {
              "name": "openSUSE-SU-2016:2375",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5317",
    "datePublished": "2017-01-20T15:00:00",
    "dateReserved": "2016-06-06T00:00:00",
    "dateUpdated": "2024-08-06T01:01:00.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0799
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/494"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json"
          },
          {
            "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
          },
          {
            "name": "DSA-5361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5361"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0003/"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/494"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json"
        },
        {
          "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
        },
        {
          "name": "DSA-5361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5361"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0003/"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-0799",
    "datePublished": "2023-02-13T00:00:00",
    "dateReserved": "2023-02-12T00:00:00",
    "dateUpdated": "2024-08-02T05:24:34.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1308
Vulnerability from cvelistv5
Published
2004-12-22 05:00
Modified
2024-08-08 00:46
Severity ?
Summary
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
References
http://www.redhat.com/support/errata/RHSA-2005-019.htmlvendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/18637vdb-entry, x_refsource_XF
http://www.debian.org/security/2004/dsa-617vendor-advisory, x_refsource_DEBIAN
http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlthird-party-advisory, x_refsource_CERT
http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.htmlvendor-advisory, x_refsource_SUSE
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1vendor-advisory, x_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1vendor-advisory, x_refsource_SUNALERT
http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlvendor-advisory, x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9392vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052vendor-advisory, x_refsource_MANDRAKE
http://www.idefense.com/application/poi/display?id=174&type=vulnerabilitiesthird-party-advisory, x_refsource_IDEFENSE
http://www.kb.cert.org/vuls/id/125598third-party-advisory, x_refsource_CERT-VN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100117vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-035.htmlvendor-advisory, x_refsource_REDHAT
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920vendor-advisory, x_refsource_CONECTIVA
http://secunia.com/advisories/13776third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:46:12.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2005:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-019.html"
          },
          {
            "name": "libtiff-tiff-tdircount-bo(18637)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18637"
          },
          {
            "name": "DSA-617",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-617"
          },
          {
            "name": "TA05-136A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
          },
          {
            "name": "SUSE-SA:2005:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html"
          },
          {
            "name": "201072",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
          },
          {
            "name": "101677",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
          },
          {
            "name": "APPLE-SA-2005-05-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9392",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9392"
          },
          {
            "name": "MDKSA-2005:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
          },
          {
            "name": "20041221 libtiff Directory Entry Count Integer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/application/poi/display?id=174\u0026type=vulnerabilities"
          },
          {
            "name": "VU#125598",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/125598"
          },
          {
            "name": "oval:org.mitre.oval:def:100117",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100117"
          },
          {
            "name": "RHSA-2005:035",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-035.html"
          },
          {
            "name": "CLA-2005:920",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000920"
          },
          {
            "name": "13776",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13776"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2005:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-019.html"
        },
        {
          "name": "libtiff-tiff-tdircount-bo(18637)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18637"
        },
        {
          "name": "DSA-617",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-617"
        },
        {
          "name": "TA05-136A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
        },
        {
          "name": "SUSE-SA:2005:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html"
        },
        {
          "name": "201072",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
        },
        {
          "name": "101677",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
        },
        {
          "name": "APPLE-SA-2005-05-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9392",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9392"
        },
        {
          "name": "MDKSA-2005:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
        },
        {
          "name": "20041221 libtiff Directory Entry Count Integer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.idefense.com/application/poi/display?id=174\u0026type=vulnerabilities"
        },
        {
          "name": "VU#125598",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/125598"
        },
        {
          "name": "oval:org.mitre.oval:def:100117",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100117"
        },
        {
          "name": "RHSA-2005:035",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-035.html"
        },
        {
          "name": "CLA-2005:920",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000920"
        },
        {
          "name": "13776",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13776"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1308",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2005:019",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-019.html"
            },
            {
              "name": "libtiff-tiff-tdircount-bo(18637)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18637"
            },
            {
              "name": "DSA-617",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-617"
            },
            {
              "name": "TA05-136A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
            },
            {
              "name": "SUSE-SA:2005:001",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html"
            },
            {
              "name": "201072",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
            },
            {
              "name": "101677",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
            },
            {
              "name": "APPLE-SA-2005-05-03",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:9392",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9392"
            },
            {
              "name": "MDKSA-2005:052",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
            },
            {
              "name": "20041221 libtiff Directory Entry Count Integer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://www.idefense.com/application/poi/display?id=174\u0026type=vulnerabilities"
            },
            {
              "name": "VU#125598",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/125598"
            },
            {
              "name": "oval:org.mitre.oval:def:100117",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100117"
            },
            {
              "name": "RHSA-2005:035",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-035.html"
            },
            {
              "name": "CLA-2005:920",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000920"
            },
            {
              "name": "13776",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13776"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1308",
    "datePublished": "2004-12-22T05:00:00",
    "dateReserved": "2004-12-21T00:00:00",
    "dateUpdated": "2024-08-08T00:46:12.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2120
Vulnerability from cvelistv5
Published
2006-05-01 22:00
Modified
2024-08-07 17:35
Severity ?
Summary
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
References
http://secunia.com/advisories/20210third-party-advisory, x_refsource_SECUNIA
http://bugzilla.remotesensing.org/show_bug.cgi?id=1065x_refsource_CONFIRM
http://secunia.com/advisories/19949third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/17809vdb-entry, x_refsource_BID
https://usn.ubuntu.com/277-1/vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/20667third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19936third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19964third-party-advisory, x_refsource_SECUNIA
http://www.trustix.org/errata/2006/0024vendor-advisory, x_refsource_TRUSTIX
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974x_refsource_CONFIRM
http://secunia.com/advisories/20330third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1078vendor-advisory, x_refsource_DEBIAN
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.ascvendor-advisory, x_refsource_SGI
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htmx_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2006-0425.htmlvendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9572vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/20023third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:35:31.420Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20210"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1065"
          },
          {
            "name": "19949",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19949"
          },
          {
            "name": "17809",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17809"
          },
          {
            "name": "USN-277-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/277-1/"
          },
          {
            "name": "20667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20667"
          },
          {
            "name": "19936",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19936"
          },
          {
            "name": "19964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19964"
          },
          {
            "name": "2006-0024",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0024"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974"
          },
          {
            "name": "20330",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20330"
          },
          {
            "name": "DSA-1078",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1078"
          },
          {
            "name": "20060501-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
          },
          {
            "name": "RHSA-2006:0425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9572",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9572"
          },
          {
            "name": "MDKSA-2006:082",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
          },
          {
            "name": "20023",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20023"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20210"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1065"
        },
        {
          "name": "19949",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19949"
        },
        {
          "name": "17809",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17809"
        },
        {
          "name": "USN-277-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/277-1/"
        },
        {
          "name": "20667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20667"
        },
        {
          "name": "19936",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19936"
        },
        {
          "name": "19964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19964"
        },
        {
          "name": "2006-0024",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0024"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974"
        },
        {
          "name": "20330",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20330"
        },
        {
          "name": "DSA-1078",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1078"
        },
        {
          "name": "20060501-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
        },
        {
          "name": "RHSA-2006:0425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9572",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9572"
        },
        {
          "name": "MDKSA-2006:082",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
        },
        {
          "name": "20023",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20023"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-2120",
    "datePublished": "2006-05-01T22:00:00",
    "dateReserved": "2006-05-01T00:00:00",
    "dateUpdated": "2024-08-07T17:35:31.420Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4447
Vulnerability from cvelistv5
Published
2012-10-28 15:00
Modified
2024-08-06 20:35
Severity ?
Summary
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.
References
http://secunia.com/advisories/51049third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2012/dsa-2561vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2012/09/25/9mailing-list, x_refsource_MLIST
http://www.ubuntu.com/usn/USN-1631-1vendor-advisory, x_refsource_UBUNTU
http://www.remotesensing.org/libtiff/v4.0.3.htmlx_refsource_MISC
http://secunia.com/advisories/49938third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.htmlvendor-advisory, x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2012/09/25/14mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/55673vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2012-1590.htmlvendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=860198x_refsource_MISC
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:09.663Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "51049",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51049"
          },
          {
            "name": "DSA-2561",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2561"
          },
          {
            "name": "[oss-security] 20120925 CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/09/25/9"
          },
          {
            "name": "USN-1631-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1631-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.remotesensing.org/libtiff/v4.0.3.html"
          },
          {
            "name": "49938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49938"
          },
          {
            "name": "openSUSE-SU-2013:0187",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html"
          },
          {
            "name": "[oss-security] 20120925 Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/09/25/14"
          },
          {
            "name": "55673",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55673"
          },
          {
            "name": "RHSA-2012:1590",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860198"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-12-05T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "51049",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51049"
        },
        {
          "name": "DSA-2561",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2561"
        },
        {
          "name": "[oss-security] 20120925 CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/09/25/9"
        },
        {
          "name": "USN-1631-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1631-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.remotesensing.org/libtiff/v4.0.3.html"
        },
        {
          "name": "49938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49938"
        },
        {
          "name": "openSUSE-SU-2013:0187",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html"
        },
        {
          "name": "[oss-security] 20120925 Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/09/25/14"
        },
        {
          "name": "55673",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55673"
        },
        {
          "name": "RHSA-2012:1590",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860198"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4447",
    "datePublished": "2012-10-28T15:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:09.663Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0865
Vulnerability from cvelistv5
Published
2022-03-07 00:00
Modified
2024-08-02 23:40
Summary
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:40:04.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/385"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/306"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json"
          },
          {
            "name": "DSA-5108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5108"
          },
          {
            "name": "FEDORA-2022-e2996202a0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
          },
          {
            "name": "FEDORA-2022-c39720a0ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221228-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "=4.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Reachable assertion in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-28T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/385"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/306"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json"
        },
        {
          "name": "DSA-5108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5108"
        },
        {
          "name": "FEDORA-2022-e2996202a0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
        },
        {
          "name": "FEDORA-2022-c39720a0ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221228-0008/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-0865",
    "datePublished": "2022-03-07T00:00:00",
    "dateReserved": "2022-03-04T00:00:00",
    "dateUpdated": "2024-08-02T23:40:04.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8683
Vulnerability from cvelistv5
Published
2016-04-13 17:00
Modified
2024-08-06 08:29
Severity ?
Summary
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:20.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035508",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035508"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "[oss-security] 20151225 Re: CVE request libtiff: out-of-bounds read in CIE Lab image format",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/26/1"
          },
          {
            "name": "USN-2939-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2939-1"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "79718",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79718"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "[oss-security] 20151225 CVE request libtiff: out-of-bounds read in CIE Lab image format",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/25/1"
          },
          {
            "name": "DSA-3467",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3467"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1035508",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035508"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "[oss-security] 20151225 Re: CVE request libtiff: out-of-bounds read in CIE Lab image format",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/26/1"
        },
        {
          "name": "USN-2939-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2939-1"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "79718",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79718"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "[oss-security] 20151225 CVE request libtiff: out-of-bounds read in CIE Lab image format",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/25/1"
        },
        {
          "name": "DSA-3467",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3467"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035508",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035508"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "[oss-security] 20151225 Re: CVE request libtiff: out-of-bounds read in CIE Lab image format",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/26/1"
            },
            {
              "name": "USN-2939-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2939-1"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "79718",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79718"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "[oss-security] 20151225 CVE request libtiff: out-of-bounds read in CIE Lab image format",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/25/1"
            },
            {
              "name": "DSA-3467",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3467"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8683",
    "datePublished": "2016-04-13T17:00:00",
    "dateReserved": "2015-12-25T00:00:00",
    "dateUpdated": "2024-08-06T08:29:20.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9448
Vulnerability from cvelistv5
Published
2017-01-27 17:00
Modified
2024-08-06 02:50
Severity ?
Summary
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2016:3035",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "94420",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94420"
          },
          {
            "name": "[oss-security] 20161118 Re: CVE-2016-9297 LibTIFF regression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/18/15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2593"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2016:3035",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "94420",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94420"
        },
        {
          "name": "[oss-security] 20161118 Re: CVE-2016-9297 LibTIFF regression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/18/15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2593"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2016:3035",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "94420",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94420"
            },
            {
              "name": "[oss-security] 20161118 Re: CVE-2016-9297 LibTIFF regression",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/18/15"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2593",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2593"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9448",
    "datePublished": "2017-01-27T17:00:00",
    "dateReserved": "2016-11-18T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-10963
Vulnerability from cvelistv5
Published
2018-05-10 02:00
Modified
2024-08-05 07:54
Severity ?
Summary
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
References
http://bugzilla.maptools.org/show_bug.cgi?id=2795x_refsource_MISC
https://usn.ubuntu.com/3864-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4349vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/07/msg00002.htmlmailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:2053vendor-advisory, x_refsource_REDHAT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:36.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2795"
          },
          {
            "name": "USN-3864-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3864-1/"
          },
          {
            "name": "DSA-4349",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4349"
          },
          {
            "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-06T16:06:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2795"
        },
        {
          "name": "USN-3864-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3864-1/"
        },
        {
          "name": "DSA-4349",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4349"
        },
        {
          "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10963",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2795",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2795"
            },
            {
              "name": "USN-3864-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3864-1/"
            },
            {
              "name": "DSA-4349",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4349"
            },
            {
              "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10963",
    "datePublished": "2018-05-10T02:00:00",
    "dateReserved": "2018-05-09T00:00:00",
    "dateUpdated": "2024-08-05T07:54:36.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8128
Vulnerability from cvelistv5
Published
2020-02-12 02:15
Modified
2024-08-06 13:10
Severity ?
Summary
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
Impacted products
n/aLibTIFF
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:51.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204941"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185812"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LibTIFF",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 4.0.4"
            }
          ]
        }
      ],
      "datePublic": "2015-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-12T02:15:44",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.apple.com/kb/HT204941"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185812"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8128",
    "datePublished": "2020-02-12T02:15:44",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:51.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-4645
Vulnerability from cvelistv5
Published
2023-03-03 00:00
Modified
2024-08-03 01:48
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:48:39.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/277"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json"
          },
          {
            "name": "FEDORA-2023-6c1200da3d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/"
          },
          {
            "name": "FEDORA-2023-f5d075f7f2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/"
          },
          {
            "name": "FEDORA-2023-40b675d7ae",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230331-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-31T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/277"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json"
        },
        {
          "name": "FEDORA-2023-6c1200da3d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/"
        },
        {
          "name": "FEDORA-2023-f5d075f7f2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/"
        },
        {
          "name": "FEDORA-2023-40b675d7ae",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230331-0001/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-4645",
    "datePublished": "2023-03-03T00:00:00",
    "dateReserved": "2022-12-22T00:00:00",
    "dateUpdated": "2024-08-03T01:48:39.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-17973
Vulnerability from cvelistv5
Published
2017-12-29 21:00
Modified
2024-08-05 21:06
Summary
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-17973",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T20:05:47.692364Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:11:54.292Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:06:49.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2769"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=1074318"
          },
          {
            "name": "102331",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102331"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-11T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2769"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=1074318"
        },
        {
          "name": "102331",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102331"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530912"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17973",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2769",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2769"
            },
            {
              "name": "https://bugzilla.novell.com/show_bug.cgi?id=1074318",
              "refsource": "MISC",
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=1074318"
            },
            {
              "name": "102331",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102331"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1530912",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530912"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17973",
    "datePublished": "2017-12-29T21:00:00",
    "dateReserved": "2017-12-29T00:00:00",
    "dateUpdated": "2024-08-05T21:06:49.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8905
Vulnerability from cvelistv5
Published
2018-03-22 04:00
Modified
2024-08-05 07:10
Severity ?
Summary
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:10:46.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2780"
          },
          {
            "name": "[debian-lts-announce] 20180514 [SECURITY] [DLA 1378-1] tiff3 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html"
          },
          {
            "name": "[debian-lts-announce] 20180514 [SECURITY] [DLA 1377-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow"
          },
          {
            "name": "USN-3864-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3864-1/"
          },
          {
            "name": "DSA-4349",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4349"
          },
          {
            "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-03-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-06T16:06:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2780"
        },
        {
          "name": "[debian-lts-announce] 20180514 [SECURITY] [DLA 1378-1] tiff3 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html"
        },
        {
          "name": "[debian-lts-announce] 20180514 [SECURITY] [DLA 1377-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow"
        },
        {
          "name": "USN-3864-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3864-1/"
        },
        {
          "name": "DSA-4349",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4349"
        },
        {
          "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-8905",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2780",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2780"
            },
            {
              "name": "[debian-lts-announce] 20180514 [SECURITY] [DLA 1378-1] tiff3 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html"
            },
            {
              "name": "[debian-lts-announce] 20180514 [SECURITY] [DLA 1377-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html"
            },
            {
              "name": "https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow",
              "refsource": "MISC",
              "url": "https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow"
            },
            {
              "name": "USN-3864-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3864-1/"
            },
            {
              "name": "DSA-4349",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4349"
            },
            {
              "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-8905",
    "datePublished": "2018-03-22T04:00:00",
    "dateReserved": "2018-03-21T00:00:00",
    "dateUpdated": "2024-08-05T07:10:46.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-34526
Vulnerability from cvelistv5
Published
2022-07-29 00:00
Modified
2024-08-03 09:15
Severity ?
Summary
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:15:15.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/433"
          },
          {
            "name": "FEDORA-2022-83b9a5bf0f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FC6LWPAEKYJ57LSHX4SBFMLRMLOZTHIJ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220930-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/486"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the \"tiffsplit\" or \"tiffcrop\" utilities."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/433"
        },
        {
          "name": "FEDORA-2022-83b9a5bf0f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FC6LWPAEKYJ57LSHX4SBFMLRMLOZTHIJ/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220930-0002/"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/486"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-34526",
    "datePublished": "2022-07-29T00:00:00",
    "dateReserved": "2022-06-26T00:00:00",
    "dateUpdated": "2024-08-03T09:15:15.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-9147
Vulnerability from cvelistv5
Published
2017-05-22 18:00
Modified
2024-08-05 16:55
Severity ?
Summary
LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
References
https://usn.ubuntu.com/3606-1/vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2693x_refsource_MISC
https://www.exploit-db.com/exploits/42301/exploit, x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/98594vdb-entry, x_refsource_BID
http://www.debian.org/security/2017/dsa-3903vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:55:22.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2693"
          },
          {
            "name": "42301",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42301/"
          },
          {
            "name": "98594",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98594"
          },
          {
            "name": "DSA-3903",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-05-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2693"
        },
        {
          "name": "42301",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42301/"
        },
        {
          "name": "98594",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98594"
        },
        {
          "name": "DSA-3903",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3903"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9147",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2693",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2693"
            },
            {
              "name": "42301",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42301/"
            },
            {
              "name": "98594",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98594"
            },
            {
              "name": "DSA-3903",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3903"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9147",
    "datePublished": "2017-05-22T18:00:00",
    "dateReserved": "2017-05-22T00:00:00",
    "dateUpdated": "2024-08-05T16:55:22.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3945
Vulnerability from cvelistv5
Published
2016-09-21 18:00
Modified
2024-08-06 00:10
Severity ?
Summary
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:10:31.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "[oss-security] 20160408 CVE-2016-3945 libtiff: Out-of-bounds Write in the tiff2rgba tool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/08/6"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325093"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "openSUSE-SU-2016:2275",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "85960",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85960"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2545"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "[oss-security] 20160408 CVE-2016-3945 libtiff: Out-of-bounds Write in the tiff2rgba tool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/08/6"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325093"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "openSUSE-SU-2016:2275",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "85960",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85960"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2545"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3945",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "[oss-security] 20160408 CVE-2016-3945 libtiff: Out-of-bounds Write in the tiff2rgba tool",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/08/6"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1325093",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325093"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "openSUSE-SU-2016:2275",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "85960",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85960"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2545",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2545"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3945",
    "datePublished": "2016-09-21T18:00:00",
    "dateReserved": "2016-04-01T00:00:00",
    "dateUpdated": "2024-08-06T00:10:31.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0802
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Summary
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/500"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json"
          },
          {
            "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
          },
          {
            "name": "DSA-5361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5361"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0002/"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds write in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/500"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json"
        },
        {
          "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
        },
        {
          "name": "DSA-5361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5361"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0002/"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-0802",
    "datePublished": "2023-02-13T00:00:00",
    "dateReserved": "2023-02-12T00:00:00",
    "dateUpdated": "2024-08-02T05:24:34.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4244
Vulnerability from cvelistv5
Published
2013-09-28 19:00
Modified
2024-08-06 16:38
Severity ?
Summary
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.735Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:0223",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2452"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996468"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-04T15:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:0223",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2452"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996468"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4244",
    "datePublished": "2013-09-28T19:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2868
Vulnerability from cvelistv5
Published
2022-08-17 00:00
Modified
2024-08-03 00:52
Severity ?
Summary
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:52:59.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118863"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.4.0rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libtiff\u0027s tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20-\u003eCWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118863"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2868",
    "datePublished": "2022-08-17T00:00:00",
    "dateReserved": "2022-08-16T00:00:00",
    "dateUpdated": "2024-08-03T00:52:59.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2596
Vulnerability from cvelistv5
Published
2010-07-01 18:00
Modified
2024-08-07 02:39
Severity ?
Summary
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."
References
http://marc.info/?l=oss-security&m=127731610612908&w=2mailing-list, x_refsource_MLIST
http://bugzilla.maptools.org/show_bug.cgi?id=2209x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/40422third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=583081x_refsource_CONFIRM
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20100623 CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2209"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "40422",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40422"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to \"downsampled OJPEG input.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-08T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20100623 CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2209"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "40422",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40422"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2596",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to \"downsampled OJPEG input.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20100623 CVE requests: LibTIFF",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2209",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2209"
            },
            {
              "name": "GLSA-201209-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
            },
            {
              "name": "40422",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40422"
            },
            {
              "name": "50726",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50726"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2596",
    "datePublished": "2010-07-01T18:00:00",
    "dateReserved": "2010-07-01T00:00:00",
    "dateUpdated": "2024-08-07T02:39:37.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3459
Vulnerability from cvelistv5
Published
2006-08-03 01:00
Modified
2024-08-07 18:30
Severity ?
Summary
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
References
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Pvendor-advisory, x_refsource_SGI
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.vupen.com/english/advisories/2007/3486vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21501third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/21537third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21632third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/21338third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-330-1vendor-advisory, x_refsource_UBUNTU
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htmx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/3101vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1016628vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/21253third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1137vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/21370third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016671vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/21598third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0648.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/19289vdb-entry, x_refsource_BID
http://secunia.com/advisories/27222third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/4034vdb-entry, x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA06-214A.htmlthird-party-advisory, x_refsource_CERT
http://www.novell.com/linux/security/advisories/2006_44_libtiff.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/21290third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/21274third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3105vdb-entry, x_refsource_VUPEN
http://secunia.com/blog/76x_refsource_MISC
http://secunia.com/advisories/27181third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0603.htmlvendor-advisory, x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.ascvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/21304third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19283vdb-entry, x_refsource_BID
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600vendor-advisory, x_refsource_SLACKWARE
https://issues.rpath.com/browse/RPL-558x_refsource_CONFIRM
http://secunia.com/advisories/27832third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21346third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/21319third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21392third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21334third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22036third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/27723vdb-entry, x_refsource_OSVDB
http://lwn.net/Alerts/194228/vendor-advisory, x_refsource_TRUSTIX
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1vendor-advisory, x_refsource_SUNALERT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060801-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
          },
          {
            "name": "APPLE-SA-2006-08-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
          },
          {
            "name": "ADV-2007-3486",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3486"
          },
          {
            "name": "21501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21501"
          },
          {
            "name": "MDKSA-2006:136",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
          },
          {
            "name": "21537",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21537"
          },
          {
            "name": "21632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21632"
          },
          {
            "name": "GLSA-200608-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
          },
          {
            "name": "21338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21338"
          },
          {
            "name": "USN-330-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-330-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
          },
          {
            "name": "ADV-2006-3101",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3101"
          },
          {
            "name": "1016628",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016628"
          },
          {
            "name": "21253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21253"
          },
          {
            "name": "DSA-1137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1137"
          },
          {
            "name": "21370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21370"
          },
          {
            "name": "1016671",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016671"
          },
          {
            "name": "21598",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21598"
          },
          {
            "name": "RHSA-2006:0648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
          },
          {
            "name": "MDKSA-2006:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
          },
          {
            "name": "19289",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19289"
          },
          {
            "name": "27222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27222"
          },
          {
            "name": "ADV-2007-4034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4034"
          },
          {
            "name": "TA06-214A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
          },
          {
            "name": "SUSE-SA:2006:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
          },
          {
            "name": "21290",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21290"
          },
          {
            "name": "oval:org.mitre.oval:def:11497",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497"
          },
          {
            "name": "21274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21274"
          },
          {
            "name": "ADV-2006-3105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3105"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/blog/76"
          },
          {
            "name": "27181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27181"
          },
          {
            "name": "RHSA-2006:0603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21304",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21304"
          },
          {
            "name": "19283",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19283"
          },
          {
            "name": "SSA:2006-230-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-558"
          },
          {
            "name": "27832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27832"
          },
          {
            "name": "21346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21346"
          },
          {
            "name": "201331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
          },
          {
            "name": "21319",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21319"
          },
          {
            "name": "21392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21392"
          },
          {
            "name": "21334",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21334"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "27723",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27723"
          },
          {
            "name": "2006-0044",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://lwn.net/Alerts/194228/"
          },
          {
            "name": "103160",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20060801-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
        },
        {
          "name": "APPLE-SA-2006-08-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
        },
        {
          "name": "ADV-2007-3486",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3486"
        },
        {
          "name": "21501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21501"
        },
        {
          "name": "MDKSA-2006:136",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
        },
        {
          "name": "21537",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21537"
        },
        {
          "name": "21632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21632"
        },
        {
          "name": "GLSA-200608-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
        },
        {
          "name": "21338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21338"
        },
        {
          "name": "USN-330-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-330-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
        },
        {
          "name": "ADV-2006-3101",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3101"
        },
        {
          "name": "1016628",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016628"
        },
        {
          "name": "21253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21253"
        },
        {
          "name": "DSA-1137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1137"
        },
        {
          "name": "21370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21370"
        },
        {
          "name": "1016671",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016671"
        },
        {
          "name": "21598",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21598"
        },
        {
          "name": "RHSA-2006:0648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
        },
        {
          "name": "MDKSA-2006:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
        },
        {
          "name": "19289",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19289"
        },
        {
          "name": "27222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27222"
        },
        {
          "name": "ADV-2007-4034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4034"
        },
        {
          "name": "TA06-214A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
        },
        {
          "name": "SUSE-SA:2006:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
        },
        {
          "name": "21290",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21290"
        },
        {
          "name": "oval:org.mitre.oval:def:11497",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497"
        },
        {
          "name": "21274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21274"
        },
        {
          "name": "ADV-2006-3105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3105"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/blog/76"
        },
        {
          "name": "27181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27181"
        },
        {
          "name": "RHSA-2006:0603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21304",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21304"
        },
        {
          "name": "19283",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19283"
        },
        {
          "name": "SSA:2006-230-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-558"
        },
        {
          "name": "27832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27832"
        },
        {
          "name": "21346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21346"
        },
        {
          "name": "201331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
        },
        {
          "name": "21319",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21319"
        },
        {
          "name": "21392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21392"
        },
        {
          "name": "21334",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21334"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "27723",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27723"
        },
        {
          "name": "2006-0044",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://lwn.net/Alerts/194228/"
        },
        {
          "name": "103160",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-3459",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060801-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
            },
            {
              "name": "APPLE-SA-2006-08-01",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
            },
            {
              "name": "ADV-2007-3486",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3486"
            },
            {
              "name": "21501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21501"
            },
            {
              "name": "MDKSA-2006:136",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
            },
            {
              "name": "21537",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21537"
            },
            {
              "name": "21632",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21632"
            },
            {
              "name": "GLSA-200608-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
            },
            {
              "name": "21338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21338"
            },
            {
              "name": "USN-330-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-330-1"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
            },
            {
              "name": "ADV-2006-3101",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3101"
            },
            {
              "name": "1016628",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016628"
            },
            {
              "name": "21253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21253"
            },
            {
              "name": "DSA-1137",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1137"
            },
            {
              "name": "21370",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21370"
            },
            {
              "name": "1016671",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016671"
            },
            {
              "name": "21598",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21598"
            },
            {
              "name": "RHSA-2006:0648",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
            },
            {
              "name": "MDKSA-2006:137",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
            },
            {
              "name": "19289",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19289"
            },
            {
              "name": "27222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27222"
            },
            {
              "name": "ADV-2007-4034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4034"
            },
            {
              "name": "TA06-214A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
            },
            {
              "name": "SUSE-SA:2006:044",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
            },
            {
              "name": "21290",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21290"
            },
            {
              "name": "oval:org.mitre.oval:def:11497",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497"
            },
            {
              "name": "21274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21274"
            },
            {
              "name": "ADV-2006-3105",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3105"
            },
            {
              "name": "http://secunia.com/blog/76",
              "refsource": "MISC",
              "url": "http://secunia.com/blog/76"
            },
            {
              "name": "27181",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27181"
            },
            {
              "name": "RHSA-2006:0603",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "21304",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21304"
            },
            {
              "name": "19283",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19283"
            },
            {
              "name": "SSA:2006-230-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-558",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-558"
            },
            {
              "name": "27832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27832"
            },
            {
              "name": "21346",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21346"
            },
            {
              "name": "201331",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
            },
            {
              "name": "21319",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21319"
            },
            {
              "name": "21392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21392"
            },
            {
              "name": "21334",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21334"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "27723",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27723"
            },
            {
              "name": "2006-0044",
              "refsource": "TRUSTIX",
              "url": "http://lwn.net/Alerts/194228/"
            },
            {
              "name": "103160",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-3459",
    "datePublished": "2006-08-03T01:00:00",
    "dateReserved": "2006-07-10T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3460
Vulnerability from cvelistv5
Published
2006-08-03 01:00
Modified
2024-08-07 18:30
Severity ?
Summary
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).
References
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Pvendor-advisory, x_refsource_SGI
http://www.vupen.com/english/advisories/2007/3486vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21501third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/21537third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21632third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/21338third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-330-1vendor-advisory, x_refsource_UBUNTU
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htmx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/3101vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1016628vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2006/dsa-1137vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/21370third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21598third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0648.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/19289vdb-entry, x_refsource_BID
http://secunia.com/advisories/27222third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/4034vdb-entry, x_refsource_VUPEN
http://www.novell.com/linux/security/advisories/2006_44_libtiff.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/21290third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21274third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3105vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27181third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0603.htmlvendor-advisory, x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.ascvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/21304third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600vendor-advisory, x_refsource_SLACKWARE
https://issues.rpath.com/browse/RPL-558x_refsource_CONFIRM
http://secunia.com/advisories/27832third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21346third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1vendor-advisory, x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/21319third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21392third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21334third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19288vdb-entry, x_refsource_BID
http://secunia.com/advisories/22036third-party-advisory, x_refsource_SECUNIA
http://lwn.net/Alerts/194228/vendor-advisory, x_refsource_TRUSTIX
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1vendor-advisory, x_refsource_SUNALERT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060801-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
          },
          {
            "name": "ADV-2007-3486",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3486"
          },
          {
            "name": "21501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21501"
          },
          {
            "name": "MDKSA-2006:136",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
          },
          {
            "name": "21537",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21537"
          },
          {
            "name": "21632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21632"
          },
          {
            "name": "GLSA-200608-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
          },
          {
            "name": "21338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21338"
          },
          {
            "name": "USN-330-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-330-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
          },
          {
            "name": "ADV-2006-3101",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3101"
          },
          {
            "name": "1016628",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016628"
          },
          {
            "name": "DSA-1137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1137"
          },
          {
            "name": "21370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21370"
          },
          {
            "name": "21598",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21598"
          },
          {
            "name": "RHSA-2006:0648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
          },
          {
            "name": "MDKSA-2006:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
          },
          {
            "name": "19289",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19289"
          },
          {
            "name": "27222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27222"
          },
          {
            "name": "ADV-2007-4034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4034"
          },
          {
            "name": "SUSE-SA:2006:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
          },
          {
            "name": "21290",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21290"
          },
          {
            "name": "21274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21274"
          },
          {
            "name": "ADV-2006-3105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3105"
          },
          {
            "name": "27181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27181"
          },
          {
            "name": "RHSA-2006:0603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21304",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21304"
          },
          {
            "name": "SSA:2006-230-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-558"
          },
          {
            "name": "27832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27832"
          },
          {
            "name": "21346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21346"
          },
          {
            "name": "201331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
          },
          {
            "name": "oval:org.mitre.oval:def:11265",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265"
          },
          {
            "name": "21319",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21319"
          },
          {
            "name": "21392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21392"
          },
          {
            "name": "21334",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21334"
          },
          {
            "name": "19288",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19288"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "2006-0044",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://lwn.net/Alerts/194228/"
          },
          {
            "name": "103160",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20060801-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
        },
        {
          "name": "ADV-2007-3486",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3486"
        },
        {
          "name": "21501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21501"
        },
        {
          "name": "MDKSA-2006:136",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
        },
        {
          "name": "21537",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21537"
        },
        {
          "name": "21632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21632"
        },
        {
          "name": "GLSA-200608-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
        },
        {
          "name": "21338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21338"
        },
        {
          "name": "USN-330-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-330-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
        },
        {
          "name": "ADV-2006-3101",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3101"
        },
        {
          "name": "1016628",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016628"
        },
        {
          "name": "DSA-1137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1137"
        },
        {
          "name": "21370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21370"
        },
        {
          "name": "21598",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21598"
        },
        {
          "name": "RHSA-2006:0648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
        },
        {
          "name": "MDKSA-2006:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
        },
        {
          "name": "19289",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19289"
        },
        {
          "name": "27222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27222"
        },
        {
          "name": "ADV-2007-4034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4034"
        },
        {
          "name": "SUSE-SA:2006:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
        },
        {
          "name": "21290",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21290"
        },
        {
          "name": "21274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21274"
        },
        {
          "name": "ADV-2006-3105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3105"
        },
        {
          "name": "27181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27181"
        },
        {
          "name": "RHSA-2006:0603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21304",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21304"
        },
        {
          "name": "SSA:2006-230-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-558"
        },
        {
          "name": "27832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27832"
        },
        {
          "name": "21346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21346"
        },
        {
          "name": "201331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
        },
        {
          "name": "oval:org.mitre.oval:def:11265",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265"
        },
        {
          "name": "21319",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21319"
        },
        {
          "name": "21392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21392"
        },
        {
          "name": "21334",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21334"
        },
        {
          "name": "19288",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19288"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "2006-0044",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://lwn.net/Alerts/194228/"
        },
        {
          "name": "103160",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-3460",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060801-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
            },
            {
              "name": "ADV-2007-3486",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3486"
            },
            {
              "name": "21501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21501"
            },
            {
              "name": "MDKSA-2006:136",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
            },
            {
              "name": "21537",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21537"
            },
            {
              "name": "21632",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21632"
            },
            {
              "name": "GLSA-200608-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
            },
            {
              "name": "21338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21338"
            },
            {
              "name": "USN-330-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-330-1"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
            },
            {
              "name": "ADV-2006-3101",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3101"
            },
            {
              "name": "1016628",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016628"
            },
            {
              "name": "DSA-1137",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1137"
            },
            {
              "name": "21370",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21370"
            },
            {
              "name": "21598",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21598"
            },
            {
              "name": "RHSA-2006:0648",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
            },
            {
              "name": "MDKSA-2006:137",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
            },
            {
              "name": "19289",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19289"
            },
            {
              "name": "27222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27222"
            },
            {
              "name": "ADV-2007-4034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4034"
            },
            {
              "name": "SUSE-SA:2006:044",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
            },
            {
              "name": "21290",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21290"
            },
            {
              "name": "21274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21274"
            },
            {
              "name": "ADV-2006-3105",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3105"
            },
            {
              "name": "27181",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27181"
            },
            {
              "name": "RHSA-2006:0603",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "21304",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21304"
            },
            {
              "name": "SSA:2006-230-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-558",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-558"
            },
            {
              "name": "27832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27832"
            },
            {
              "name": "21346",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21346"
            },
            {
              "name": "201331",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
            },
            {
              "name": "oval:org.mitre.oval:def:11265",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265"
            },
            {
              "name": "21319",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21319"
            },
            {
              "name": "21392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21392"
            },
            {
              "name": "21334",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21334"
            },
            {
              "name": "19288",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19288"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "2006-0044",
              "refsource": "TRUSTIX",
              "url": "http://lwn.net/Alerts/194228/"
            },
            {
              "name": "103160",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-3460",
    "datePublished": "2006-08-03T01:00:00",
    "dateReserved": "2006-07-10T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0886
Vulnerability from cvelistv5
Published
2004-10-26 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
References
http://www.redhat.com/support/errata/RHSA-2004-577.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109vendor-advisory, x_refsource_MANDRAKE
http://www.redhat.com/support/errata/RHSA-2005-021.htmlvendor-advisory, x_refsource_REDHAT
http://www.ciac.org/ciac/bulletins/p-015.shtmlthird-party-advisory, government-resource, x_refsource_CIAC
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1vendor-advisory, x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907vdb-entry, signature, x_refsource_OVAL
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1vendor-advisory, x_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlvendor-advisory, x_refsource_SUSE
http://www.kb.cert.org/vuls/id/687568third-party-advisory, x_refsource_CERT-VN
http://securitytracker.com/id?1011674vdb-entry, x_refsource_SECTRACK
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888vendor-advisory, x_refsource_CONECTIVA
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052vendor-advisory, x_refsource_MANDRAKE
https://exchange.xforce.ibmcloud.com/vulnerabilities/17715vdb-entry, x_refsource_XF
http://www.trustix.org/errata/2004/0054/vendor-advisory, x_refsource_TRUSTIX
http://www.kde.org/info/security/advisory-20041209-2.txtx_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2005-354.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/12818third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/11406vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116vdb-entry, signature, x_refsource_OVAL
http://www.debian.org/security/2004/dsa-567vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=109779465621929&w=2vendor-advisory, x_refsource_OPENPKG
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:47.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2004:577",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html"
          },
          {
            "name": "MDKSA-2004:109",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109"
          },
          {
            "name": "RHSA-2005:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html"
          },
          {
            "name": "P-015",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/p-015.shtml"
          },
          {
            "name": "201072",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
          },
          {
            "name": "oval:org.mitre.oval:def:9907",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907"
          },
          {
            "name": "101677",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
          },
          {
            "name": "SUSE-SA:2004:038",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
          },
          {
            "name": "VU#687568",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/687568"
          },
          {
            "name": "1011674",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1011674"
          },
          {
            "name": "CLA-2004:888",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
          },
          {
            "name": "MDKSA-2005:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
          },
          {
            "name": "libtiff-bo(17715)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17715"
          },
          {
            "name": "2004-0054",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2004/0054/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
          },
          {
            "name": "RHSA-2005:354",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
          },
          {
            "name": "12818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12818"
          },
          {
            "name": "11406",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11406"
          },
          {
            "name": "oval:org.mitre.oval:def:100116",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116"
          },
          {
            "name": "DSA-567",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-567"
          },
          {
            "name": "OpenPKG-SA-2004.043",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109779465621929\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2004:577",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html"
        },
        {
          "name": "MDKSA-2004:109",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109"
        },
        {
          "name": "RHSA-2005:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html"
        },
        {
          "name": "P-015",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/p-015.shtml"
        },
        {
          "name": "201072",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
        },
        {
          "name": "oval:org.mitre.oval:def:9907",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907"
        },
        {
          "name": "101677",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
        },
        {
          "name": "SUSE-SA:2004:038",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
        },
        {
          "name": "VU#687568",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/687568"
        },
        {
          "name": "1011674",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1011674"
        },
        {
          "name": "CLA-2004:888",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
        },
        {
          "name": "MDKSA-2005:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
        },
        {
          "name": "libtiff-bo(17715)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17715"
        },
        {
          "name": "2004-0054",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2004/0054/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
        },
        {
          "name": "RHSA-2005:354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
        },
        {
          "name": "12818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12818"
        },
        {
          "name": "11406",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11406"
        },
        {
          "name": "oval:org.mitre.oval:def:100116",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116"
        },
        {
          "name": "DSA-567",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-567"
        },
        {
          "name": "OpenPKG-SA-2004.043",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109779465621929\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0886",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2004:577",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html"
            },
            {
              "name": "MDKSA-2004:109",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109"
            },
            {
              "name": "RHSA-2005:021",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html"
            },
            {
              "name": "P-015",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/p-015.shtml"
            },
            {
              "name": "201072",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
            },
            {
              "name": "oval:org.mitre.oval:def:9907",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907"
            },
            {
              "name": "101677",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
            },
            {
              "name": "SUSE-SA:2004:038",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
            },
            {
              "name": "VU#687568",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/687568"
            },
            {
              "name": "1011674",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1011674"
            },
            {
              "name": "CLA-2004:888",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
            },
            {
              "name": "MDKSA-2005:052",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
            },
            {
              "name": "libtiff-bo(17715)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17715"
            },
            {
              "name": "2004-0054",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2004/0054/"
            },
            {
              "name": "http://www.kde.org/info/security/advisory-20041209-2.txt",
              "refsource": "CONFIRM",
              "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
            },
            {
              "name": "RHSA-2005:354",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
            },
            {
              "name": "12818",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12818"
            },
            {
              "name": "11406",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11406"
            },
            {
              "name": "oval:org.mitre.oval:def:100116",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116"
            },
            {
              "name": "DSA-567",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-567"
            },
            {
              "name": "OpenPKG-SA-2004.043",
              "refsource": "OPENPKG",
              "url": "http://marc.info/?l=bugtraq\u0026m=109779465621929\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0886",
    "datePublished": "2004-10-26T04:00:00",
    "dateReserved": "2004-09-22T00:00:00",
    "dateUpdated": "2024-08-08T00:31:47.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0801
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Summary
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/498"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json"
          },
          {
            "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
          },
          {
            "name": "DSA-5361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5361"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0002/"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds write in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/498"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json"
        },
        {
          "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
        },
        {
          "name": "DSA-5361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5361"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0002/"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-0801",
    "datePublished": "2023-02-13T00:00:00",
    "dateReserved": "2023-02-12T00:00:00",
    "dateUpdated": "2024-08-02T05:24:34.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1183
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
Summary
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:46:10.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2005:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-019.html"
          },
          {
            "name": "MDKSA-2005:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:001"
          },
          {
            "name": "oval:org.mitre.oval:def:9743",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9743"
          },
          {
            "name": "MDKSA-2005:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:002"
          },
          {
            "name": "12173",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12173"
          },
          {
            "name": "DSA-626",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-626"
          },
          {
            "name": "13728",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13728/"
          },
          {
            "name": "libtiff-tiffdump-bo(18782)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18782"
          },
          {
            "name": "SUSE-SA:2005:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html"
          },
          {
            "name": "20050106 [USN-54-1] TIFF library tool vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110503635113419\u0026w=2"
          },
          {
            "name": "MDKSA-2005:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
          },
          {
            "name": "GLSA-200501-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200501-06.xml"
          },
          {
            "name": "RHSA-2005:035",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-035.html"
          },
          {
            "name": "CLA-2005:920",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000920"
          },
          {
            "name": "13776",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13776"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-01-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2005:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-019.html"
        },
        {
          "name": "MDKSA-2005:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:001"
        },
        {
          "name": "oval:org.mitre.oval:def:9743",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9743"
        },
        {
          "name": "MDKSA-2005:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:002"
        },
        {
          "name": "12173",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12173"
        },
        {
          "name": "DSA-626",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-626"
        },
        {
          "name": "13728",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13728/"
        },
        {
          "name": "libtiff-tiffdump-bo(18782)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18782"
        },
        {
          "name": "SUSE-SA:2005:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html"
        },
        {
          "name": "20050106 [USN-54-1] TIFF library tool vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110503635113419\u0026w=2"
        },
        {
          "name": "MDKSA-2005:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
        },
        {
          "name": "GLSA-200501-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200501-06.xml"
        },
        {
          "name": "RHSA-2005:035",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-035.html"
        },
        {
          "name": "CLA-2005:920",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000920"
        },
        {
          "name": "13776",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13776"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1183",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2005:019",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-019.html"
            },
            {
              "name": "MDKSA-2005:001",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:001"
            },
            {
              "name": "oval:org.mitre.oval:def:9743",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9743"
            },
            {
              "name": "MDKSA-2005:002",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:002"
            },
            {
              "name": "12173",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12173"
            },
            {
              "name": "DSA-626",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-626"
            },
            {
              "name": "13728",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13728/"
            },
            {
              "name": "libtiff-tiffdump-bo(18782)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18782"
            },
            {
              "name": "SUSE-SA:2005:001",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html"
            },
            {
              "name": "20050106 [USN-54-1] TIFF library tool vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110503635113419\u0026w=2"
            },
            {
              "name": "MDKSA-2005:052",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
            },
            {
              "name": "GLSA-200501-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200501-06.xml"
            },
            {
              "name": "RHSA-2005:035",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-035.html"
            },
            {
              "name": "CLA-2005:920",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000920"
            },
            {
              "name": "13776",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13776"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1183",
    "datePublished": "2005-01-19T05:00:00",
    "dateReserved": "2004-12-13T00:00:00",
    "dateUpdated": "2024-08-08T00:46:10.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10266
Vulnerability from cvelistv5
Published
2017-03-24 19:00
Modified
2024-08-06 03:14
Severity ?
Summary
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:14:42.922Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero"
          },
          {
            "name": "97115",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97115"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero"
        },
        {
          "name": "97115",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97115"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10266",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero"
            },
            {
              "name": "97115",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97115"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1",
              "refsource": "MISC",
              "url": "https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10266",
    "datePublished": "2017-03-24T19:00:00",
    "dateReserved": "2017-03-24T00:00:00",
    "dateUpdated": "2024-08-06T03:14:42.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8782
Vulnerability from cvelistv5
Published
2016-02-01 21:00
Modified
2024-08-06 08:29
Severity ?
Summary
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:21.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "openSUSE-SU-2016:0414",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "81730",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81730"
          },
          {
            "name": "openSUSE-SU-2016:0405",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html"
          },
          {
            "name": "USN-2939-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2939-1"
          },
          {
            "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3"
          },
          {
            "name": "DSA-3467",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3467"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "openSUSE-SU-2016:0414",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "81730",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81730"
        },
        {
          "name": "openSUSE-SU-2016:0405",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html"
        },
        {
          "name": "USN-2939-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2939-1"
        },
        {
          "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3"
        },
        {
          "name": "DSA-3467",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3467"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2015-8782",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "openSUSE-SU-2016:0414",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "81730",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81730"
            },
            {
              "name": "openSUSE-SU-2016:0405",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html"
            },
            {
              "name": "USN-2939-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2939-1"
            },
            {
              "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2522",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3"
            },
            {
              "name": "DSA-3467",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3467"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2015-8782",
    "datePublished": "2016-02-01T21:00:00",
    "dateReserved": "2016-01-24T00:00:00",
    "dateUpdated": "2024-08-06T08:29:21.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0800
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Summary
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/496"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json"
          },
          {
            "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
          },
          {
            "name": "DSA-5361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5361"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0002/"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds write in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/496"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json"
        },
        {
          "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
        },
        {
          "name": "DSA-5361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5361"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0002/"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-0800",
    "datePublished": "2023-02-13T00:00:00",
    "dateReserved": "2023-02-12T00:00:00",
    "dateUpdated": "2024-08-02T05:24:34.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7600
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
References
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashesx_refsource_MISC
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.876Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
          },
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.7 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
        },
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.7 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
            },
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7600",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.876Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3622
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.
References
http://www.securitytracker.com/id/1035508vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/85917vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2016/04/07/4mailing-list, x_refsource_MLIST
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035508",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035508"
          },
          {
            "name": "85917",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85917"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "[oss-security] 20160407 CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/07/4"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1035508",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035508"
        },
        {
          "name": "85917",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85917"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "[oss-security] 20160407 CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/07/4"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3622",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035508",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035508"
            },
            {
              "name": "85917",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85917"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "[oss-security] 20160407 CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/07/4"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3622",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-21T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-40745
Vulnerability from cvelistv5
Published
2023-10-05 18:55
Modified
2024-11-06 14:41
Summary
Libtiff: integer overflow in tiffcp.c
References
https://access.redhat.com/errata/RHSA-2024:2289vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-40745vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2235265issue-tracking, x_refsource_REDHAT
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:46:10.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:2289",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2289"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-40745"
          },
          {
            "name": "RHBZ#2235265",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235265"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231110-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.com/libtiff/libtiff",
          "defaultStatus": "unaffected",
          "packageName": "libtiff",
          "versions": [
            {
              "lessThan": "4.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.4.0-12.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "compact-libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Arie Haenel (Intel ASSERT), Polina Frolov (Intel ASSERT), Yaakov Cohen (Intel ASSERT), and Yocheved Butterman (Intel ASSERT) for reporting this issue."
        }
      ],
      "datePublic": "2023-07-21T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T14:41:15.854Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:2289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2289"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-40745"
        },
        {
          "name": "RHBZ#2235265",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235265"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-24T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-07-21T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libtiff: integer overflow in tiffcp.c",
      "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-40745",
    "datePublished": "2023-10-05T18:55:26.192Z",
    "dateReserved": "2023-08-25T09:21:36.657Z",
    "dateUpdated": "2024-11-06T14:41:15.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3633
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.108Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2548"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "[oss-security] 20160408 CVE-2016-3633 - libtiff 4.0.6 illegel read",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/08/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2548"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "[oss-security] 20160408 CVE-2016-3633 - libtiff 4.0.6 illegel read",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/08/11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3633",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2548",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2548"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "[oss-security] 20160408 CVE-2016-3633 - libtiff 4.0.6 illegel read",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/08/11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3633",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-22T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3627
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Summary
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:02.492Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/411"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230110-0001/"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/411"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230110-0001/"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-3627",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-21T00:00:00",
    "dateUpdated": "2024-08-03T01:14:02.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-9935
Vulnerability from cvelistv5
Published
2017-06-26 12:00
Modified
2024-08-05 17:24
Severity ?
Summary
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.
References
https://usn.ubuntu.com/3606-1/vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2704x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2017/12/msg00008.htmlmailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/99296vdb-entry, x_refsource_BID
https://www.debian.org/security/2018/dsa-4100vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:24:59.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2704"
          },
          {
            "name": "[debian-lts-announce] 20171213 [SECURITY] [DLA 1206-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00008.html"
          },
          {
            "name": "99296",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99296"
          },
          {
            "name": "DSA-4100",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4100"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2704"
        },
        {
          "name": "[debian-lts-announce] 20171213 [SECURITY] [DLA 1206-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00008.html"
        },
        {
          "name": "99296",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99296"
        },
        {
          "name": "DSA-4100",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9935",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2704",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2704"
            },
            {
              "name": "[debian-lts-announce] 20171213 [SECURITY] [DLA 1206-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00008.html"
            },
            {
              "name": "99296",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99296"
            },
            {
              "name": "DSA-4100",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9935",
    "datePublished": "2017-06-26T12:00:00",
    "dateReserved": "2017-06-26T00:00:00",
    "dateUpdated": "2024-08-05T17:24:59.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2113
Vulnerability from cvelistv5
Published
2012-07-22 17:00
Modified
2024-08-06 19:26
Severity ?
Summary
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
References
http://www.securityfocus.com/bid/54076vdb-entry, x_refsource_BID
http://secunia.com/advisories/49493third-party-advisory, x_refsource_SECUNIA
http://www.remotesensing.org/libtiff/v4.0.2.htmlx_refsource_CONFIRM
https://hermes.opensuse.org/messages/15083566vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.htmlvendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2012/dsa-2552vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2012-1054.htmlvendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=810551x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2012:101vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/49686third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:07.716Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54076",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54076"
          },
          {
            "name": "49493",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49493"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.remotesensing.org/libtiff/v4.0.2.html"
          },
          {
            "name": "openSUSE-SU-2012:0829",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/15083566"
          },
          {
            "name": "SUSE-SU-2012:0894",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html"
          },
          {
            "name": "DSA-2552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2552"
          },
          {
            "name": "RHSA-2012:1054",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1054.html"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810551"
          },
          {
            "name": "MDVSA-2012:101",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101"
          },
          {
            "name": "49686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49686"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-28T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "54076",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54076"
        },
        {
          "name": "49493",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49493"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.remotesensing.org/libtiff/v4.0.2.html"
        },
        {
          "name": "openSUSE-SU-2012:0829",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/15083566"
        },
        {
          "name": "SUSE-SU-2012:0894",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html"
        },
        {
          "name": "DSA-2552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2552"
        },
        {
          "name": "RHSA-2012:1054",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1054.html"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810551"
        },
        {
          "name": "MDVSA-2012:101",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101"
        },
        {
          "name": "49686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49686"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2113",
    "datePublished": "2012-07-22T17:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:07.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-5581
Vulnerability from cvelistv5
Published
2013-01-04 22:00
Modified
2024-08-06 21:14
Severity ?
Summary
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/80339vdb-entry, x_refsource_XF
http://www.debian.org/security/2012/dsa-2589vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/56715vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/51491third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1655-1vendor-advisory, x_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=867235x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/11/28/1mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2012-1590.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:15.873Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "libtiff-dotrange-bo(80339)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80339"
          },
          {
            "name": "DSA-2589",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2589"
          },
          {
            "name": "56715",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56715"
          },
          {
            "name": "openSUSE-SU-2013:0187",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html"
          },
          {
            "name": "51491",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51491"
          },
          {
            "name": "USN-1655-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1655-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=867235"
          },
          {
            "name": "[oss-security] 20121128 libtiff: Stack based buffer overflow when handling DOTRANGE tags",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/28/1"
          },
          {
            "name": "RHSA-2012:1590",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-29T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "libtiff-dotrange-bo(80339)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80339"
        },
        {
          "name": "DSA-2589",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2589"
        },
        {
          "name": "56715",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56715"
        },
        {
          "name": "openSUSE-SU-2013:0187",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html"
        },
        {
          "name": "51491",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51491"
        },
        {
          "name": "USN-1655-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1655-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=867235"
        },
        {
          "name": "[oss-security] 20121128 libtiff: Stack based buffer overflow when handling DOTRANGE tags",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/28/1"
        },
        {
          "name": "RHSA-2012:1590",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5581",
    "datePublished": "2013-01-04T22:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:14:15.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3625
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "[oss-security] 20160408 CVE-2016-3625 libtiff: Out-of-bounds Read in the tiff2bw tool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/08/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2566"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "[oss-security] 20160408 CVE-2016-3625 libtiff: Out-of-bounds Read in the tiff2bw tool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/08/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2566"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3625",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "[oss-security] 20160408 CVE-2016-3625 libtiff: Out-of-bounds Read in the tiff2bw tool",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/08/5"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2566",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2566"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3625",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-21T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0803
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Summary
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/501"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json"
          },
          {
            "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
          },
          {
            "name": "DSA-5361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5361"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0002/"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds write in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/501"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json"
        },
        {
          "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
        },
        {
          "name": "DSA-5361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5361"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0002/"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-0803",
    "datePublished": "2023-02-13T00:00:00",
    "dateReserved": "2023-02-12T00:00:00",
    "dateUpdated": "2024-08-02T05:24:34.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3401
Vulnerability from cvelistv5
Published
2012-08-13 20:00
Modified
2024-08-06 20:05
Severity ?
Summary
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:12.257Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=837577"
          },
          {
            "name": "openSUSE-SU-2012:0955",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html"
          },
          {
            "name": "[oss-security] 20120719 tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/07/19/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision\u0026revision=830"
          },
          {
            "name": "54601",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54601"
          },
          {
            "name": "[oss-security] 20120719 Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/07/19/4"
          },
          {
            "name": "DSA-2552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2552"
          },
          {
            "name": "49938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49938"
          },
          {
            "name": "50007",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50007"
          },
          {
            "name": "USN-1511-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1511-1"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "84090",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/84090"
          },
          {
            "name": "libtiff-t2preadtiffinit-bo(77088)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77088"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/attachment.cgi?id=596457"
          },
          {
            "name": "MDVSA-2012:127",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:127"
          },
          {
            "name": "RHSA-2012:1590",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=837577"
        },
        {
          "name": "openSUSE-SU-2012:0955",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00011.html"
        },
        {
          "name": "[oss-security] 20120719 tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/07/19/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision\u0026revision=830"
        },
        {
          "name": "54601",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54601"
        },
        {
          "name": "[oss-security] 20120719 Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/07/19/4"
        },
        {
          "name": "DSA-2552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2552"
        },
        {
          "name": "49938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49938"
        },
        {
          "name": "50007",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50007"
        },
        {
          "name": "USN-1511-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1511-1"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "84090",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/84090"
        },
        {
          "name": "libtiff-t2preadtiffinit-bo(77088)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77088"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/attachment.cgi?id=596457"
        },
        {
          "name": "MDVSA-2012:127",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:127"
        },
        {
          "name": "RHSA-2012:1590",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-3401",
    "datePublished": "2012-08-13T20:00:00",
    "dateReserved": "2012-06-14T00:00:00",
    "dateUpdated": "2024-08-06T20:05:12.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1307
Vulnerability from cvelistv5
Published
2005-05-04 04:00
Modified
2024-08-08 00:46
Severity ?
Summary
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:46:12.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA05-136A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
          },
          {
            "name": "VU#539110",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/539110"
          },
          {
            "name": "201072",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
          },
          {
            "name": "101677",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
          },
          {
            "name": "20041221 libtiff STRIPOFFSETS Integer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/application/poi/display?id=173\u0026type=vulnerabilities\u0026flashstatus=true"
          },
          {
            "name": "APPLE-SA-2005-05-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11175",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "TA05-136A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
        },
        {
          "name": "VU#539110",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/539110"
        },
        {
          "name": "201072",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
        },
        {
          "name": "101677",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
        },
        {
          "name": "20041221 libtiff STRIPOFFSETS Integer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.idefense.com/application/poi/display?id=173\u0026type=vulnerabilities\u0026flashstatus=true"
        },
        {
          "name": "APPLE-SA-2005-05-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11175",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1307",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA05-136A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
            },
            {
              "name": "VU#539110",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/539110"
            },
            {
              "name": "201072",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
            },
            {
              "name": "101677",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
            },
            {
              "name": "20041221 libtiff STRIPOFFSETS Integer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://www.idefense.com/application/poi/display?id=173\u0026type=vulnerabilities\u0026flashstatus=true"
            },
            {
              "name": "APPLE-SA-2005-05-03",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11175",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1307",
    "datePublished": "2005-05-04T04:00:00",
    "dateReserved": "2004-12-21T00:00:00",
    "dateUpdated": "2024-08-08T00:46:12.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-17795
Vulnerability from cvelistv5
Published
2018-09-30 20:00
Modified
2024-08-05 10:54
Severity ?
Summary
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:54:10.689Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2816"
          },
          {
            "name": "105445",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105445"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-17795"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-16T19:15:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2816"
        },
        {
          "name": "105445",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105445"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-17795"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-17795",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2816",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2816"
            },
            {
              "name": "105445",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105445"
            },
            {
              "name": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-17795",
              "refsource": "MISC",
              "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-17795"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-17795",
    "datePublished": "2018-09-30T20:00:00",
    "dateReserved": "2018-09-30T00:00:00",
    "dateUpdated": "2024-08-05T10:54:10.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2347
Vulnerability from cvelistv5
Published
2009-07-14 20:16
Modified
2024-08-07 05:44
Severity ?
Summary
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
References
http://secunia.com/advisories/35817third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35866third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.htmlvendor-advisory, x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347x_refsource_CONFIRM
http://osvdb.org/55821vdb-entry, x_refsource_OSVDB
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2009/1870vdb-entry, x_refsource_VUPEN
http://www.ocert.org/advisories/ocert-2009-012.htmlx_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988vdb-entry, signature, x_refsource_OVAL
http://www.securitytracker.com/id?1022539vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2011/0621vdb-entry, x_refsource_VUPEN
http://www.ubuntu.com/usn/USN-801-1vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/35811third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35883third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/36194third-party-advisory, x_refsource_SECUNIA
http://bugzilla.maptools.org/show_bug.cgi?id=2079x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/504892/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDVSA-2009:150vendor-advisory, x_refsource_MANDRIVA
http://security.gentoo.org/glsa/glsa-200908-03.xmlvendor-advisory, x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/51688vdb-entry, x_refsource_XF
http://secunia.com/advisories/35911third-party-advisory, x_refsource_SECUNIA
http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/x_refsource_CONFIRM
http://osvdb.org/55822vdb-entry, x_refsource_OSVDB
http://www.redhat.com/support/errata/RHSA-2009-1159.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/35652vdb-entry, x_refsource_BID
http://www.debian.org/security/2009/dsa-1835vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:043vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:44:55.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35817",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35817"
          },
          {
            "name": "35866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35866"
          },
          {
            "name": "FEDORA-2009-7724",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347"
          },
          {
            "name": "55821",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/55821"
          },
          {
            "name": "FEDORA-2009-7775",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html"
          },
          {
            "name": "ADV-2009-1870",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1870"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2009-012.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10988",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988"
          },
          {
            "name": "1022539",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022539"
          },
          {
            "name": "ADV-2011-0621",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0621"
          },
          {
            "name": "USN-801-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-801-1"
          },
          {
            "name": "35811",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35811"
          },
          {
            "name": "35883",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35883"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "36194",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36194"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2079"
          },
          {
            "name": "20090713 [oCERT-2009-012] libtiff tools integer overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504892/100/0/threaded"
          },
          {
            "name": "MDVSA-2009:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:150"
          },
          {
            "name": "GLSA-200908-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200908-03.xml"
          },
          {
            "name": "libtiff-rgb2ycbcr-tiff2rgba-bo(51688)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51688"
          },
          {
            "name": "35911",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35911"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/"
          },
          {
            "name": "55822",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/55822"
          },
          {
            "name": "RHSA-2009:1159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1159.html"
          },
          {
            "name": "35652",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35652"
          },
          {
            "name": "DSA-1835",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1835"
          },
          {
            "name": "MDVSA-2011:043",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:043"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "35817",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35817"
        },
        {
          "name": "35866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35866"
        },
        {
          "name": "FEDORA-2009-7724",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347"
        },
        {
          "name": "55821",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/55821"
        },
        {
          "name": "FEDORA-2009-7775",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html"
        },
        {
          "name": "ADV-2009-1870",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1870"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2009-012.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10988",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988"
        },
        {
          "name": "1022539",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022539"
        },
        {
          "name": "ADV-2011-0621",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0621"
        },
        {
          "name": "USN-801-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-801-1"
        },
        {
          "name": "35811",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35811"
        },
        {
          "name": "35883",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35883"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "36194",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36194"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2079"
        },
        {
          "name": "20090713 [oCERT-2009-012] libtiff tools integer overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504892/100/0/threaded"
        },
        {
          "name": "MDVSA-2009:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:150"
        },
        {
          "name": "GLSA-200908-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200908-03.xml"
        },
        {
          "name": "libtiff-rgb2ycbcr-tiff2rgba-bo(51688)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51688"
        },
        {
          "name": "35911",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35911"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/"
        },
        {
          "name": "55822",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/55822"
        },
        {
          "name": "RHSA-2009:1159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1159.html"
        },
        {
          "name": "35652",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35652"
        },
        {
          "name": "DSA-1835",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1835"
        },
        {
          "name": "MDVSA-2011:043",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:043"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2347",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35817",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35817"
            },
            {
              "name": "35866",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35866"
            },
            {
              "name": "FEDORA-2009-7724",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00663.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2347"
            },
            {
              "name": "55821",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/55821"
            },
            {
              "name": "FEDORA-2009-7775",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00724.html"
            },
            {
              "name": "ADV-2009-1870",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1870"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2009-012.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2009-012.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10988",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10988"
            },
            {
              "name": "1022539",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022539"
            },
            {
              "name": "ADV-2011-0621",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0621"
            },
            {
              "name": "USN-801-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-801-1"
            },
            {
              "name": "35811",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35811"
            },
            {
              "name": "35883",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35883"
            },
            {
              "name": "GLSA-201209-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
            },
            {
              "name": "36194",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36194"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2079",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2079"
            },
            {
              "name": "20090713 [oCERT-2009-012] libtiff tools integer overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504892/100/0/threaded"
            },
            {
              "name": "MDVSA-2009:150",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:150"
            },
            {
              "name": "GLSA-200908-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200908-03.xml"
            },
            {
              "name": "libtiff-rgb2ycbcr-tiff2rgba-bo(51688)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51688"
            },
            {
              "name": "35911",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35911"
            },
            {
              "name": "http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/",
              "refsource": "CONFIRM",
              "url": "http://article.gmane.org/gmane.linux.debian.devel.changes.unstable/178563/"
            },
            {
              "name": "55822",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/55822"
            },
            {
              "name": "RHSA-2009:1159",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1159.html"
            },
            {
              "name": "35652",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35652"
            },
            {
              "name": "DSA-1835",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1835"
            },
            {
              "name": "MDVSA-2011:043",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:043"
            },
            {
              "name": "50726",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50726"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2347",
    "datePublished": "2009-07-14T20:16:00",
    "dateReserved": "2009-07-07T00:00:00",
    "dateUpdated": "2024-08-07T05:44:55.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1167
Vulnerability from cvelistv5
Published
2011-03-28 16:00
Modified
2024-08-06 22:14
Severity ?
Summary
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
References
http://www.vupen.com/english/advisories/2011/0795vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/43974third-party-advisory, x_refsource_SECUNIA
http://ubuntu.com/usn/usn-1102-1vendor-advisory, x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2011/0845vdb-entry, x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=684939x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0860vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlvendor-advisory, x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.htmlvendor-advisory, x_refsource_APPLE
http://support.apple.com/kb/HT5503x_refsource_CONFIRM
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.587820vendor-advisory, x_refsource_SLACKWARE
http://support.apple.com/kb/HT5130x_refsource_CONFIRM
http://secunia.com/advisories/43900third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/71256vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/43934third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/46951vdb-entry, x_refsource_BID
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2011/0905vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2011/dsa-2210vendor-advisory, x_refsource_DEBIAN
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlvendor-advisory, x_refsource_APPLE
https://exchange.xforce.ibmcloud.com/vulnerabilities/66247vdb-entry, x_refsource_XF
http://blackberry.com/btsc/KB27244x_refsource_CONFIRM
http://www.securitytracker.com/id?1025257vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/517101/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://bugzilla.maptools.org/show_bug.cgi?id=2300x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://www.vupen.com/english/advisories/2011/0930vdb-entry, x_refsource_VUPEN
http://www.zerodayinitiative.com/advisories/ZDI-11-107x_refsource_MISC
http://secunia.com/advisories/44135third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0960vdb-entry, x_refsource_VUPEN
http://securityreason.com/securityalert/8165third-party-advisory, x_refsource_SREASON
http://www.mandriva.com/security/advisories?name=MDVSA-2011:064vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2011/0859vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/44117third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2011-0392.htmlvendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT5281x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.htmlvendor-advisory, x_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2012/May/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0795",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0795"
          },
          {
            "name": "43974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43974"
          },
          {
            "name": "USN-1102-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1102-1"
          },
          {
            "name": "ADV-2011-0845",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0845"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684939"
          },
          {
            "name": "ADV-2011-0860",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0860"
          },
          {
            "name": "SUSE-SR:2011:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "name": "APPLE-SA-2012-09-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5503"
          },
          {
            "name": "SSA:2011-098-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.587820"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5130"
          },
          {
            "name": "43900",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43900"
          },
          {
            "name": "71256",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/71256"
          },
          {
            "name": "43934",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43934"
          },
          {
            "name": "46951",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46951"
          },
          {
            "name": "FEDORA-2011-3836",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html"
          },
          {
            "name": "ADV-2011-0905",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0905"
          },
          {
            "name": "DSA-2210",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2210"
          },
          {
            "name": "APPLE-SA-2012-02-01-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
          },
          {
            "name": "libtiff-thundercode-decoder-bo(66247)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66247"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blackberry.com/btsc/KB27244"
          },
          {
            "name": "1025257",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025257"
          },
          {
            "name": "20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/517101/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2300"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "ADV-2011-0930",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0930"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-107"
          },
          {
            "name": "44135",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44135"
          },
          {
            "name": "ADV-2011-0960",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0960"
          },
          {
            "name": "8165",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8165"
          },
          {
            "name": "MDVSA-2011:064",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:064"
          },
          {
            "name": "ADV-2011-0859",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0859"
          },
          {
            "name": "44117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44117"
          },
          {
            "name": "RHSA-2011:0392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0392.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5281"
          },
          {
            "name": "FEDORA-2011-3827",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html"
          },
          {
            "name": "APPLE-SA-2012-05-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2011-0795",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0795"
        },
        {
          "name": "43974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43974"
        },
        {
          "name": "USN-1102-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1102-1"
        },
        {
          "name": "ADV-2011-0845",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0845"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684939"
        },
        {
          "name": "ADV-2011-0860",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0860"
        },
        {
          "name": "SUSE-SR:2011:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
        },
        {
          "name": "APPLE-SA-2012-09-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5503"
        },
        {
          "name": "SSA:2011-098-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.587820"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5130"
        },
        {
          "name": "43900",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43900"
        },
        {
          "name": "71256",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/71256"
        },
        {
          "name": "43934",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43934"
        },
        {
          "name": "46951",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46951"
        },
        {
          "name": "FEDORA-2011-3836",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057763.html"
        },
        {
          "name": "ADV-2011-0905",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0905"
        },
        {
          "name": "DSA-2210",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2210"
        },
        {
          "name": "APPLE-SA-2012-02-01-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
        },
        {
          "name": "libtiff-thundercode-decoder-bo(66247)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66247"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blackberry.com/btsc/KB27244"
        },
        {
          "name": "1025257",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025257"
        },
        {
          "name": "20110321 ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/517101/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2300"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "ADV-2011-0930",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0930"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-107"
        },
        {
          "name": "44135",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44135"
        },
        {
          "name": "ADV-2011-0960",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0960"
        },
        {
          "name": "8165",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8165"
        },
        {
          "name": "MDVSA-2011:064",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:064"
        },
        {
          "name": "ADV-2011-0859",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0859"
        },
        {
          "name": "44117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44117"
        },
        {
          "name": "RHSA-2011:0392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0392.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5281"
        },
        {
          "name": "FEDORA-2011-3827",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057840.html"
        },
        {
          "name": "APPLE-SA-2012-05-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1167",
    "datePublished": "2011-03-28T16:00:00",
    "dateReserved": "2011-03-03T00:00:00",
    "dateUpdated": "2024-08-06T22:14:27.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-41175
Vulnerability from cvelistv5
Published
2023-10-05 18:55
Modified
2024-11-06 14:41
Summary
Libtiff: potential integer overflow in raw2tiff.c
References
https://access.redhat.com/errata/RHSA-2024:2289vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-41175vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2235264issue-tracking, x_refsource_REDHAT
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41175",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-29T19:34:04.451018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:21:32.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:54:04.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:2289",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2289"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-41175"
          },
          {
            "name": "RHBZ#2235264",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235264"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.com/libtiff/libtiff",
          "defaultStatus": "unaffected",
          "packageName": "libtiff",
          "versions": [
            {
              "lessThan": "4.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.4.0-12.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "compact-libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Arie Haenel (Intel ASSERT), Polina Frolov (Intel ASSERT), Yaakov Cohen (Intel ASSERT), and Yocheved Butterman (Intel ASSERT) for reporting this issue."
        }
      ],
      "datePublic": "2023-07-21T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-680",
              "description": "Integer Overflow to Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T14:41:16.598Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:2289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2289"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-41175"
        },
        {
          "name": "RHBZ#2235264",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235264"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-07-24T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-07-21T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libtiff: potential integer overflow in raw2tiff.c",
      "x_redhatCweChain": "CWE-680: Integer Overflow to Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-41175",
    "datePublished": "2023-10-05T18:55:26.876Z",
    "dateReserved": "2023-08-25T09:21:36.645Z",
    "dateUpdated": "2024-11-06T14:41:16.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-9330
Vulnerability from cvelistv5
Published
2015-01-20 15:00
Modified
2024-08-06 13:40
Severity ?
Summary
Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:24.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "71789",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71789"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "1031442",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031442"
          },
          {
            "name": "DSA-3273",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3273"
          },
          {
            "name": "20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/97"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2494"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "71789",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71789"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "1031442",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031442"
        },
        {
          "name": "DSA-3273",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3273"
        },
        {
          "name": "20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/97"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2494"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9330",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "71789",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71789"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "1031442",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031442"
            },
            {
              "name": "DSA-3273",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3273"
            },
            {
              "name": "20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/97"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2494",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2494"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9330",
    "datePublished": "2015-01-20T15:00:00",
    "dateReserved": "2014-12-07T00:00:00",
    "dateUpdated": "2024-08-06T13:40:24.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-18661
Vulnerability from cvelistv5
Published
2018-10-26 13:00
Modified
2024-08-05 11:15
Severity ?
Summary
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
References
https://usn.ubuntu.com/3864-1/vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2819x_refsource_MISC
http://www.securityfocus.com/bid/105762vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2019:2053vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2019/11/msg00027.htmlmailing-list, x_refsource_MLIST
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:15:59.945Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3864-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3864-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2819"
          },
          {
            "name": "105762",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105762"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          },
          {
            "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-26T23:07:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3864-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3864-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2819"
        },
        {
          "name": "105762",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105762"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        },
        {
          "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-18661",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3864-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3864-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2819",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2819"
            },
            {
              "name": "105762",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105762"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            },
            {
              "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-18661",
    "datePublished": "2018-10-26T13:00:00",
    "dateReserved": "2018-10-26T00:00:00",
    "dateUpdated": "2024-08-05T11:15:59.945Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3464
Vulnerability from cvelistv5
Published
2006-08-03 01:00
Modified
2024-08-07 18:30
Severity ?
Summary
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".
References
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Pvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/21501third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/21537third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21632third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/21338third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-330-1vendor-advisory, x_refsource_UBUNTU
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htmx_refsource_CONFIRM
http://securitytracker.com/id?1016628vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2006/dsa-1137vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/21370third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21598third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0648.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2007/4034vdb-entry, x_refsource_VUPEN
http://www.novell.com/linux/security/advisories/2006_44_libtiff.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/21290third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21274third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3105vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2006-0603.htmlvendor-advisory, x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.ascvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/21304third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600vendor-advisory, x_refsource_SLACKWARE
https://issues.rpath.com/browse/RPL-558x_refsource_CONFIRM
http://secunia.com/advisories/27832third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21346third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/bid/19286vdb-entry, x_refsource_BID
http://secunia.com/advisories/21319third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21392third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21334third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/22036third-party-advisory, x_refsource_SECUNIA
http://lwn.net/Alerts/194228/vendor-advisory, x_refsource_TRUSTIX
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1vendor-advisory, x_refsource_SUNALERT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060801-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
          },
          {
            "name": "21501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21501"
          },
          {
            "name": "MDKSA-2006:136",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
          },
          {
            "name": "21537",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21537"
          },
          {
            "name": "21632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21632"
          },
          {
            "name": "GLSA-200608-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
          },
          {
            "name": "21338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21338"
          },
          {
            "name": "USN-330-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-330-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
          },
          {
            "name": "1016628",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016628"
          },
          {
            "name": "DSA-1137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1137"
          },
          {
            "name": "21370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21370"
          },
          {
            "name": "21598",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21598"
          },
          {
            "name": "RHSA-2006:0648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
          },
          {
            "name": "MDKSA-2006:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
          },
          {
            "name": "ADV-2007-4034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4034"
          },
          {
            "name": "SUSE-SA:2006:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
          },
          {
            "name": "21290",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21290"
          },
          {
            "name": "21274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21274"
          },
          {
            "name": "ADV-2006-3105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3105"
          },
          {
            "name": "RHSA-2006:0603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21304",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21304"
          },
          {
            "name": "SSA:2006-230-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-558"
          },
          {
            "name": "27832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27832"
          },
          {
            "name": "21346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21346"
          },
          {
            "name": "201331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
          },
          {
            "name": "19286",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19286"
          },
          {
            "name": "21319",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21319"
          },
          {
            "name": "21392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21392"
          },
          {
            "name": "21334",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21334"
          },
          {
            "name": "oval:org.mitre.oval:def:10916",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "2006-0044",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://lwn.net/Alerts/194228/"
          },
          {
            "name": "103160",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving \"unchecked arithmetic operations\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20060801-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
        },
        {
          "name": "21501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21501"
        },
        {
          "name": "MDKSA-2006:136",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
        },
        {
          "name": "21537",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21537"
        },
        {
          "name": "21632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21632"
        },
        {
          "name": "GLSA-200608-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
        },
        {
          "name": "21338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21338"
        },
        {
          "name": "USN-330-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-330-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
        },
        {
          "name": "1016628",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016628"
        },
        {
          "name": "DSA-1137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1137"
        },
        {
          "name": "21370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21370"
        },
        {
          "name": "21598",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21598"
        },
        {
          "name": "RHSA-2006:0648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
        },
        {
          "name": "MDKSA-2006:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
        },
        {
          "name": "ADV-2007-4034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4034"
        },
        {
          "name": "SUSE-SA:2006:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
        },
        {
          "name": "21290",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21290"
        },
        {
          "name": "21274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21274"
        },
        {
          "name": "ADV-2006-3105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3105"
        },
        {
          "name": "RHSA-2006:0603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21304",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21304"
        },
        {
          "name": "SSA:2006-230-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-558"
        },
        {
          "name": "27832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27832"
        },
        {
          "name": "21346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21346"
        },
        {
          "name": "201331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
        },
        {
          "name": "19286",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19286"
        },
        {
          "name": "21319",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21319"
        },
        {
          "name": "21392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21392"
        },
        {
          "name": "21334",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21334"
        },
        {
          "name": "oval:org.mitre.oval:def:10916",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "2006-0044",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://lwn.net/Alerts/194228/"
        },
        {
          "name": "103160",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-3464",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving \"unchecked arithmetic operations\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060801-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
            },
            {
              "name": "21501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21501"
            },
            {
              "name": "MDKSA-2006:136",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
            },
            {
              "name": "21537",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21537"
            },
            {
              "name": "21632",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21632"
            },
            {
              "name": "GLSA-200608-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
            },
            {
              "name": "21338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21338"
            },
            {
              "name": "USN-330-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-330-1"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
            },
            {
              "name": "1016628",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016628"
            },
            {
              "name": "DSA-1137",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1137"
            },
            {
              "name": "21370",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21370"
            },
            {
              "name": "21598",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21598"
            },
            {
              "name": "RHSA-2006:0648",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
            },
            {
              "name": "MDKSA-2006:137",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
            },
            {
              "name": "ADV-2007-4034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4034"
            },
            {
              "name": "SUSE-SA:2006:044",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
            },
            {
              "name": "21290",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21290"
            },
            {
              "name": "21274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21274"
            },
            {
              "name": "ADV-2006-3105",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3105"
            },
            {
              "name": "RHSA-2006:0603",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "21304",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21304"
            },
            {
              "name": "SSA:2006-230-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-558",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-558"
            },
            {
              "name": "27832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27832"
            },
            {
              "name": "21346",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21346"
            },
            {
              "name": "201331",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
            },
            {
              "name": "19286",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19286"
            },
            {
              "name": "21319",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21319"
            },
            {
              "name": "21392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21392"
            },
            {
              "name": "21334",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21334"
            },
            {
              "name": "oval:org.mitre.oval:def:10916",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "2006-0044",
              "refsource": "TRUSTIX",
              "url": "http://lwn.net/Alerts/194228/"
            },
            {
              "name": "103160",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-3464",
    "datePublished": "2006-08-03T01:00:00",
    "dateReserved": "2006-07-10T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9533
Vulnerability from cvelistv5
Published
2016-11-22 19:00
Modified
2024-08-06 02:50
Severity ?
Summary
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94742",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94742"
          },
          {
            "name": "RHSA-2017:0225",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
          },
          {
            "name": "94484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94484"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka \"PixarLog horizontalDifference heap-buffer-overflow.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94742",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94742"
        },
        {
          "name": "RHSA-2017:0225",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
        },
        {
          "name": "94484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94484"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka \"PixarLog horizontalDifference heap-buffer-overflow.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94742",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94742"
            },
            {
              "name": "RHSA-2017:0225",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
            },
            {
              "name": "94484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94484"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9533",
    "datePublished": "2016-11-22T19:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10268
Vulnerability from cvelistv5
Published
2017-03-24 19:00
Modified
2024-08-06 03:14
Severity ?
Summary
tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:14:42.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "97202",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97202"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 78490\" and libtiff/tif_unix.c:115:23."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "97202",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97202"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10268",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 78490\" and libtiff/tif_unix.c:115:23."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df",
              "refsource": "MISC",
              "url": "https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "97202",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97202"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10268",
    "datePublished": "2017-03-24T19:00:00",
    "dateReserved": "2017-03-24T00:00:00",
    "dateUpdated": "2024-08-06T03:14:42.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0804
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
References
http://www.redhat.com/support/errata/RHSA-2004-577.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109vendor-advisory, x_refsource_MANDRAKE
http://www.redhat.com/support/errata/RHSA-2005-021.htmlvendor-advisory, x_refsource_REDHAT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1vendor-advisory, x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711vdb-entry, signature, x_refsource_OVAL
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1vendor-advisory, x_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlvendor-advisory, x_refsource_SUSE
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888vendor-advisory, x_refsource_CONECTIVA
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052vendor-advisory, x_refsource_MANDRAKE
http://www.kde.org/info/security/advisory-20041209-2.txtx_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/555304third-party-advisory, x_refsource_CERT-VN
http://www.redhat.com/support/errata/RHSA-2005-354.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2004/dsa-567vendor-advisory, x_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755vdb-entry, x_refsource_XF
http://bugzilla.remotesensing.org/show_bug.cgi?id=111x_refsource_MISC
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:47.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2004:577",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html"
          },
          {
            "name": "MDKSA-2004:109",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109"
          },
          {
            "name": "RHSA-2005:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html"
          },
          {
            "name": "201072",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
          },
          {
            "name": "oval:org.mitre.oval:def:100115",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115"
          },
          {
            "name": "oval:org.mitre.oval:def:11711",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711"
          },
          {
            "name": "101677",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
          },
          {
            "name": "SUSE-SA:2004:038",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
          },
          {
            "name": "CLA-2004:888",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
          },
          {
            "name": "MDKSA-2005:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
          },
          {
            "name": "VU#555304",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/555304"
          },
          {
            "name": "RHSA-2005:354",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
          },
          {
            "name": "DSA-567",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-567"
          },
          {
            "name": "libtiff-dos(17755)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17755"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=111"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2004:577",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html"
        },
        {
          "name": "MDKSA-2004:109",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109"
        },
        {
          "name": "RHSA-2005:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html"
        },
        {
          "name": "201072",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
        },
        {
          "name": "oval:org.mitre.oval:def:100115",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115"
        },
        {
          "name": "oval:org.mitre.oval:def:11711",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711"
        },
        {
          "name": "101677",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
        },
        {
          "name": "SUSE-SA:2004:038",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
        },
        {
          "name": "CLA-2004:888",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
        },
        {
          "name": "MDKSA-2005:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
        },
        {
          "name": "VU#555304",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/555304"
        },
        {
          "name": "RHSA-2005:354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
        },
        {
          "name": "DSA-567",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-567"
        },
        {
          "name": "libtiff-dos(17755)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17755"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=111"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0804",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2004:577",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html"
            },
            {
              "name": "MDKSA-2004:109",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109"
            },
            {
              "name": "RHSA-2005:021",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html"
            },
            {
              "name": "201072",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
            },
            {
              "name": "oval:org.mitre.oval:def:100115",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115"
            },
            {
              "name": "oval:org.mitre.oval:def:11711",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711"
            },
            {
              "name": "101677",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
            },
            {
              "name": "SUSE-SA:2004:038",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
            },
            {
              "name": "CLA-2004:888",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
            },
            {
              "name": "MDKSA-2005:052",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
            },
            {
              "name": "http://www.kde.org/info/security/advisory-20041209-2.txt",
              "refsource": "CONFIRM",
              "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
            },
            {
              "name": "VU#555304",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/555304"
            },
            {
              "name": "RHSA-2005:354",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
            },
            {
              "name": "DSA-567",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-567"
            },
            {
              "name": "libtiff-dos(17755)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17755"
            },
            {
              "name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=111",
              "refsource": "MISC",
              "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=111"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0804",
    "datePublished": "2004-10-16T04:00:00",
    "dateReserved": "2004-08-25T00:00:00",
    "dateUpdated": "2024-08-08T00:31:47.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-30774
Vulnerability from cvelistv5
Published
2023-05-19 00:00
Modified
2024-08-02 14:37
Severity ?
Summary
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/463"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-30774"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187139"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230703-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213984"
          },
          {
            "name": "20231025 APPLE-SA-10-25-2023-4 macOS Sonoma 14.1",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-25T23:07:20.204520",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/463"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-30774"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187139"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230703-0002/"
        },
        {
          "url": "https://support.apple.com/kb/HT213984"
        },
        {
          "name": "20231025 APPLE-SA-10-25-2023-4 macOS Sonoma 14.1",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Oct/24"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-30774",
    "datePublished": "2023-05-19T00:00:00",
    "dateReserved": "2023-04-17T00:00:00",
    "dateUpdated": "2024-08-02T14:37:15.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2024
Vulnerability from cvelistv5
Published
2006-04-25 23:00
Modified
2024-08-07 17:35
Severity ?
Summary
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/26133vdb-entry, x_refsource_XF
http://secunia.com/advisories/19851third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/1563vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/20210third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19949third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1vendor-advisory, x_refsource_SUNALERT
https://usn.ubuntu.com/277-1/vendor-advisory, x_refsource_UBUNTU
http://www.gentoo.org/security/en/glsa/glsa-200605-17.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/20667third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893vdb-entry, signature, x_refsource_OVAL
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102x_refsource_MISC
http://secunia.com/advisories/19936third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19964third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1vendor-advisory, x_refsource_SUNALERT
http://www.trustix.org/errata/2006/0024vendor-advisory, x_refsource_TRUSTIX
http://secunia.com/advisories/20345third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1054vendor-advisory, x_refsource_DEBIAN
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.ascvendor-advisory, x_refsource_SGI
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htmx_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2006-0425.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/19838third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20021third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/19897third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20023third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_04_28.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/17730vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:35:31.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "libtiff-tifffetchanyarray-dos(26133)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26133"
          },
          {
            "name": "19851",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19851"
          },
          {
            "name": "ADV-2006-1563",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1563"
          },
          {
            "name": "20210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20210"
          },
          {
            "name": "19949",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19949"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
          },
          {
            "name": "103099",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
          },
          {
            "name": "USN-277-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/277-1/"
          },
          {
            "name": "GLSA-200605-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
          },
          {
            "name": "20667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20667"
          },
          {
            "name": "oval:org.mitre.oval:def:9893",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
          },
          {
            "name": "19936",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19936"
          },
          {
            "name": "19964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19964"
          },
          {
            "name": "201332",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
          },
          {
            "name": "2006-0024",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0024"
          },
          {
            "name": "20345",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20345"
          },
          {
            "name": "DSA-1054",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1054"
          },
          {
            "name": "20060501-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
          },
          {
            "name": "RHSA-2006:0425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
          },
          {
            "name": "19838",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19838"
          },
          {
            "name": "20021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20021"
          },
          {
            "name": "MDKSA-2006:082",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
          },
          {
            "name": "19897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19897"
          },
          {
            "name": "20023",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20023"
          },
          {
            "name": "SUSE-SR:2006:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
          },
          {
            "name": "17730",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17730"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain \"codec cleanup methods\" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "libtiff-tifffetchanyarray-dos(26133)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26133"
        },
        {
          "name": "19851",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19851"
        },
        {
          "name": "ADV-2006-1563",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1563"
        },
        {
          "name": "20210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20210"
        },
        {
          "name": "19949",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19949"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
        },
        {
          "name": "103099",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
        },
        {
          "name": "USN-277-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/277-1/"
        },
        {
          "name": "GLSA-200605-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
        },
        {
          "name": "20667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20667"
        },
        {
          "name": "oval:org.mitre.oval:def:9893",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
        },
        {
          "name": "19936",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19936"
        },
        {
          "name": "19964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19964"
        },
        {
          "name": "201332",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
        },
        {
          "name": "2006-0024",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0024"
        },
        {
          "name": "20345",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20345"
        },
        {
          "name": "DSA-1054",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1054"
        },
        {
          "name": "20060501-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
        },
        {
          "name": "RHSA-2006:0425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
        },
        {
          "name": "19838",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19838"
        },
        {
          "name": "20021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20021"
        },
        {
          "name": "MDKSA-2006:082",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
        },
        {
          "name": "19897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19897"
        },
        {
          "name": "20023",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20023"
        },
        {
          "name": "SUSE-SR:2006:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
        },
        {
          "name": "17730",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17730"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain \"codec cleanup methods\" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "libtiff-tifffetchanyarray-dos(26133)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26133"
            },
            {
              "name": "19851",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19851"
            },
            {
              "name": "ADV-2006-1563",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1563"
            },
            {
              "name": "20210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20210"
            },
            {
              "name": "19949",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19949"
            },
            {
              "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
            },
            {
              "name": "103099",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
            },
            {
              "name": "USN-277-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/277-1/"
            },
            {
              "name": "GLSA-200605-17",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
            },
            {
              "name": "20667",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20667"
            },
            {
              "name": "oval:org.mitre.oval:def:9893",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893"
            },
            {
              "name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102",
              "refsource": "MISC",
              "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
            },
            {
              "name": "19936",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19936"
            },
            {
              "name": "19964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19964"
            },
            {
              "name": "201332",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
            },
            {
              "name": "2006-0024",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2006/0024"
            },
            {
              "name": "20345",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20345"
            },
            {
              "name": "DSA-1054",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1054"
            },
            {
              "name": "20060501-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
            },
            {
              "name": "RHSA-2006:0425",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
            },
            {
              "name": "19838",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19838"
            },
            {
              "name": "20021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20021"
            },
            {
              "name": "MDKSA-2006:082",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
            },
            {
              "name": "19897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19897"
            },
            {
              "name": "20023",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20023"
            },
            {
              "name": "SUSE-SR:2006:009",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
            },
            {
              "name": "17730",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17730"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2024",
    "datePublished": "2006-04-25T23:00:00",
    "dateReserved": "2006-04-25T00:00:00",
    "dateUpdated": "2024-08-07T17:35:31.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2867
Vulnerability from cvelistv5
Published
2022-08-17 00:00
Modified
2024-08-03 00:52
Severity ?
Summary
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:52:59.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118847"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.4.0rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libtiff\u0027s tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191-\u003e(CWE-125|CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118847"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2867",
    "datePublished": "2022-08-17T00:00:00",
    "dateReserved": "2022-08-16T00:00:00",
    "dateUpdated": "2024-08-03T00:52:59.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5319
Vulnerability from cvelistv5
Published
2017-01-20 15:00
Modified
2024-08-06 01:00
Severity ?
Summary
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.
References
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/88604vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2016/04/27/6mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/06/07/1mailing-list, x_refsource_MLIST
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:59.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "88604",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/88604"
          },
          {
            "name": "[oss-security] 20160427 3 bugs refer to buffer overflow in in libtiff 4.0.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/27/6"
          },
          {
            "name": "[oss-security] 20160606 3 bugs refer to buffer overflow in in libtiff 4.0.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/07/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "88604",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/88604"
        },
        {
          "name": "[oss-security] 20160427 3 bugs refer to buffer overflow in in libtiff 4.0.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/27/6"
        },
        {
          "name": "[oss-security] 20160606 3 bugs refer to buffer overflow in in libtiff 4.0.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/07/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5319",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "88604",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/88604"
            },
            {
              "name": "[oss-security] 20160427 3 bugs refer to buffer overflow in in libtiff 4.0.6",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/27/6"
            },
            {
              "name": "[oss-security] 20160606 3 bugs refer to buffer overflow in in libtiff 4.0.6",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/07/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5319",
    "datePublished": "2017-01-20T15:00:00",
    "dateReserved": "2016-06-06T00:00:00",
    "dateUpdated": "2024-08-06T01:00:59.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8783
Vulnerability from cvelistv5
Published
2016-02-01 21:00
Modified
2024-08-06 08:29
Severity ?
Summary
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:22.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "openSUSE-SU-2016:0414",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "81730",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81730"
          },
          {
            "name": "openSUSE-SU-2016:0405",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html"
          },
          {
            "name": "USN-2939-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2939-1"
          },
          {
            "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3"
          },
          {
            "name": "DSA-3467",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3467"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "openSUSE-SU-2016:0414",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "81730",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81730"
        },
        {
          "name": "openSUSE-SU-2016:0405",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html"
        },
        {
          "name": "USN-2939-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2939-1"
        },
        {
          "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3"
        },
        {
          "name": "DSA-3467",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3467"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2015-8783",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "openSUSE-SU-2016:0414",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "81730",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81730"
            },
            {
              "name": "openSUSE-SU-2016:0405",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html"
            },
            {
              "name": "USN-2939-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2939-1"
            },
            {
              "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2522",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3"
            },
            {
              "name": "DSA-3467",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3467"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2015-8783",
    "datePublished": "2016-02-01T21:00:00",
    "dateReserved": "2016-01-24T00:00:00",
    "dateUpdated": "2024-08-06T08:29:22.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2483
Vulnerability from cvelistv5
Published
2010-07-06 14:00
Modified
2024-08-07 02:32
Severity ?
Summary
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:32:16.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605"
          },
          {
            "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127736307002102\u0026w=2"
          },
          {
            "name": "40527",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40527"
          },
          {
            "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127781315415896\u0026w=2"
          },
          {
            "name": "[oss-security] 20100623 CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
          },
          {
            "name": "ADV-2010-1761",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1761"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2216"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "RHSA-2010:0519",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
          },
          {
            "name": "40422",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40422"
          },
          {
            "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127738540902757\u0026w=2"
          },
          {
            "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127797353202873\u0026w=2"
          },
          {
            "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-15T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605"
        },
        {
          "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127736307002102\u0026w=2"
        },
        {
          "name": "40527",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40527"
        },
        {
          "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127781315415896\u0026w=2"
        },
        {
          "name": "[oss-security] 20100623 CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
        },
        {
          "name": "ADV-2010-1761",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1761"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2216"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "RHSA-2010:0519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
        },
        {
          "name": "40422",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40422"
        },
        {
          "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127738540902757\u0026w=2"
        },
        {
          "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127797353202873\u0026w=2"
        },
        {
          "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603081"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2483",
    "datePublished": "2010-07-06T14:00:00",
    "dateReserved": "2010-06-28T00:00:00",
    "dateUpdated": "2024-08-07T02:32:16.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2597
Vulnerability from cvelistv5
Published
2010-07-01 18:00
Modified
2024-08-07 02:39
Severity ?
Summary
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.
References
https://bugzilla.redhat.com/show_bug.cgi?id=603703x_refsource_CONFIRM
http://secunia.com/advisories/40527third-party-advisory, x_refsource_SECUNIA
http://bugzilla.maptools.org/show_bug.cgi?id=2215x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2552vendor-advisory, x_refsource_DEBIAN
https://bugs.launchpad.net/bugs/593067x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1761vdb-entry, x_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2010-0519.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/40422third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=583081x_refsource_CONFIRM
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.346Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603703"
          },
          {
            "name": "40527",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40527"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2215"
          },
          {
            "name": "DSA-2552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2552"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/bugs/593067"
          },
          {
            "name": "ADV-2010-1761",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1761"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "RHSA-2010:0519",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
          },
          {
            "name": "40422",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40422"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to \"downsampled OJPEG input\" and possibly related to a compiler optimization that triggers a divide-by-zero error."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-08T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603703"
        },
        {
          "name": "40527",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40527"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2215"
        },
        {
          "name": "DSA-2552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2552"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/bugs/593067"
        },
        {
          "name": "ADV-2010-1761",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1761"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "RHSA-2010:0519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
        },
        {
          "name": "40422",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40422"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2597",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to \"downsampled OJPEG input\" and possibly related to a compiler optimization that triggers a divide-by-zero error."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=603703",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603703"
            },
            {
              "name": "40527",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40527"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2215",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2215"
            },
            {
              "name": "DSA-2552",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2552"
            },
            {
              "name": "https://bugs.launchpad.net/bugs/593067",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/bugs/593067"
            },
            {
              "name": "ADV-2010-1761",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1761"
            },
            {
              "name": "GLSA-201209-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
            },
            {
              "name": "RHSA-2010:0519",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
            },
            {
              "name": "40422",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40422"
            },
            {
              "name": "50726",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50726"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2597",
    "datePublished": "2010-07-01T18:00:00",
    "dateReserved": "2010-07-01T00:00:00",
    "dateUpdated": "2024-08-07T02:39:37.346Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-5022
Vulnerability from cvelistv5
Published
2011-05-03 20:00
Modified
2024-08-07 07:24
Severity ?
Summary
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:24:53.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110412 libtiff CVE assignments",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/12/10"
          },
          {
            "name": "DSA-2256",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2256"
          },
          {
            "name": "libtiff-ojpeg-bo(66774)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66774"
          },
          {
            "name": "44271",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44271"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=1999"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695885"
          },
          {
            "name": "1025380",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025380"
          },
          {
            "name": "MDVSA-2011:078",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:078"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "FEDORA-2011-5304",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html"
          },
          {
            "name": "ADV-2011-1014",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1014"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.remotesensing.org/libtiff/v3.9.5.html"
          },
          {
            "name": "ADV-2011-1082",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1082"
          },
          {
            "name": "47338",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47338"
          },
          {
            "name": "USN-1120-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1120-1"
          },
          {
            "name": "RHSA-2011:0452",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0452.html"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20110412 libtiff CVE assignments",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/12/10"
        },
        {
          "name": "DSA-2256",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2256"
        },
        {
          "name": "libtiff-ojpeg-bo(66774)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66774"
        },
        {
          "name": "44271",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44271"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=1999"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695885"
        },
        {
          "name": "1025380",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025380"
        },
        {
          "name": "MDVSA-2011:078",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:078"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "FEDORA-2011-5304",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html"
        },
        {
          "name": "ADV-2011-1014",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1014"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.remotesensing.org/libtiff/v3.9.5.html"
        },
        {
          "name": "ADV-2011-1082",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1082"
        },
        {
          "name": "47338",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47338"
        },
        {
          "name": "USN-1120-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1120-1"
        },
        {
          "name": "RHSA-2011:0452",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0452.html"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-5022",
    "datePublished": "2011-05-03T20:00:00",
    "dateReserved": "2010-12-09T00:00:00",
    "dateUpdated": "2024-08-07T07:24:53.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8665
Vulnerability from cvelistv5
Published
2016-04-13 17:00
Modified
2024-08-06 08:20
Severity ?
Summary
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035508",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035508"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "USN-2939-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2939-1"
          },
          {
            "name": "[oss-security] 20151224 Re: CVE request --  Out-of-bounds Read in libtiff",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/24/4"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "[oss-security] 20151224 CVE request --  Out-of-bounds Read in libtiff",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/12/24/2"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "DSA-3467",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3467"
          },
          {
            "name": "79728",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79728"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1035508",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035508"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "USN-2939-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2939-1"
        },
        {
          "name": "[oss-security] 20151224 Re: CVE request --  Out-of-bounds Read in libtiff",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/24/4"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "[oss-security] 20151224 CVE request --  Out-of-bounds Read in libtiff",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/12/24/2"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "DSA-3467",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3467"
        },
        {
          "name": "79728",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79728"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035508",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035508"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "USN-2939-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2939-1"
            },
            {
              "name": "[oss-security] 20151224 Re: CVE request --  Out-of-bounds Read in libtiff",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/24/4"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "[oss-security] 20151224 CVE request --  Out-of-bounds Read in libtiff",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/12/24/2"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "DSA-3467",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3467"
            },
            {
              "name": "79728",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79728"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8665",
    "datePublished": "2016-04-13T17:00:00",
    "dateReserved": "2015-12-24T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0797
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/495"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json"
          },
          {
            "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
          },
          {
            "name": "DSA-5361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5361"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/495"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json"
        },
        {
          "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
        },
        {
          "name": "DSA-5361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5361"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-0797",
    "datePublished": "2023-02-13T00:00:00",
    "dateReserved": "2023-02-12T00:00:00",
    "dateUpdated": "2024-08-02T05:24:34.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9532
Vulnerability from cvelistv5
Published
2017-02-06 17:00
Modified
2024-08-06 02:50
Severity ?
Summary
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94424",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94424"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397726"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/22/1"
          },
          {
            "name": "[oss-security] 20161111 CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/11/14"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2592"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "name": "[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/21/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-06T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94424",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94424"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397726"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/22/1"
        },
        {
          "name": "[oss-security] 20161111 CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/11/14"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2592"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "name": "[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/21/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94424",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94424"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1397726",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397726"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/22/1"
            },
            {
              "name": "[oss-security] 20161111 CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/11/14"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2592",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2592"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "[oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/21/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9532",
    "datePublished": "2017-02-06T17:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0909
Vulnerability from cvelistv5
Published
2022-03-11 00:00
Modified
2024-08-02 23:47
Summary
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/393"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json"
          },
          {
            "name": "DSA-5108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5108"
          },
          {
            "name": "FEDORA-2022-e2996202a0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
          },
          {
            "name": "FEDORA-2022-c39720a0ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220506-0002/"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "=4.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Divide by zero in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/393"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json"
        },
        {
          "name": "DSA-5108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5108"
        },
        {
          "name": "FEDORA-2022-e2996202a0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
        },
        {
          "name": "FEDORA-2022-c39720a0ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220506-0002/"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-0909",
    "datePublished": "2022-03-11T00:00:00",
    "dateReserved": "2022-03-10T00:00:00",
    "dateUpdated": "2024-08-02T23:47:42.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2630
Vulnerability from cvelistv5
Published
2010-07-06 15:00
Modified
2024-08-07 02:39
Severity ?
Summary
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
References
https://bugzilla.redhat.com/show_bug.cgi?id=554371x_refsource_CONFIRM
http://bugzilla.maptools.org/show_bug.cgi?id=2210x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2552vendor-advisory, x_refsource_DEBIAN
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.761Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554371"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210"
          },
          {
            "name": "DSA-2552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2552"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-13T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554371"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210"
        },
        {
          "name": "DSA-2552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2552"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2630",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=554371",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=554371"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2210",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210"
            },
            {
              "name": "DSA-2552",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2552"
            },
            {
              "name": "GLSA-201209-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
            },
            {
              "name": "50726",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50726"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2630",
    "datePublished": "2010-07-06T15:00:00",
    "dateReserved": "2010-07-06T00:00:00",
    "dateUpdated": "2024-08-07T02:39:37.761Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8129
Vulnerability from cvelistv5
Published
2018-03-12 02:00
Modified
2024-08-06 13:10
Severity ?
Summary
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204941"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2488"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
          },
          {
            "name": "72352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72352"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185815"
          },
          {
            "name": "1032760",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032760"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2487"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "APPLE-SA-2015-06-30-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "DSA-3273",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2015/dsa-3273"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-12T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT204941"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2488"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
        },
        {
          "name": "72352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72352"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185815"
        },
        {
          "name": "1032760",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032760"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2487"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "APPLE-SA-2015-06-30-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "DSA-3273",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2015/dsa-3273"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8129",
    "datePublished": "2018-03-12T02:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2193
Vulnerability from cvelistv5
Published
2006-06-08 19:00
Modified
2024-08-07 17:43
Severity ?
Summary
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.
References
http://www.vupen.com/english/advisories/2007/3486vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31670third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:102vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2006/2197vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/20520third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20766third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20488third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200607-03.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/20501third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27222third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/4034vdb-entry, x_refsource_VUPEN
http://bugzilla.remotesensing.org/show_bug.cgi?id=1196x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788vdb-entry, signature, x_refsource_OVAL
http://www.debian.org/security/2006/dsa-1091vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2008-0848.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/27181third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20693third-party-advisory, x_refsource_SECUNIA
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/27832third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/26991vdb-entry, x_refsource_XF
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/21002third-party-advisory, x_refsource_SECUNIA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355x_refsource_CONFIRM
http://www.securityfocus.com/bid/18331vdb-entry, x_refsource_BID
https://usn.ubuntu.com/289-1/vendor-advisory, x_refsource_UBUNTU
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1vendor-advisory, x_refsource_SUNALERT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:27.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-3486",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3486"
          },
          {
            "name": "31670",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31670"
          },
          {
            "name": "MDKSA-2006:102",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:102"
          },
          {
            "name": "ADV-2006-2197",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2197"
          },
          {
            "name": "20520",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20520"
          },
          {
            "name": "20766",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20766"
          },
          {
            "name": "20488",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20488"
          },
          {
            "name": "GLSA-200607-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200607-03.xml"
          },
          {
            "name": "20501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20501"
          },
          {
            "name": "27222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27222"
          },
          {
            "name": "ADV-2007-4034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4034"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1196"
          },
          {
            "name": "oval:org.mitre.oval:def:9788",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788"
          },
          {
            "name": "DSA-1091",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1091"
          },
          {
            "name": "RHSA-2008:0848",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0848.html"
          },
          {
            "name": "27181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27181"
          },
          {
            "name": "20693",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20693"
          },
          {
            "name": "SUSE-SR:2006:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
          },
          {
            "name": "27832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27832"
          },
          {
            "name": "libtiff-tiff2pdf-bo(26991)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26991"
          },
          {
            "name": "201331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
          },
          {
            "name": "21002",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21002"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355"
          },
          {
            "name": "18331",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18331"
          },
          {
            "name": "USN-289-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/289-1/"
          },
          {
            "name": "103160",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "ADV-2007-3486",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3486"
        },
        {
          "name": "31670",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31670"
        },
        {
          "name": "MDKSA-2006:102",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:102"
        },
        {
          "name": "ADV-2006-2197",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2197"
        },
        {
          "name": "20520",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20520"
        },
        {
          "name": "20766",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20766"
        },
        {
          "name": "20488",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20488"
        },
        {
          "name": "GLSA-200607-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200607-03.xml"
        },
        {
          "name": "20501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20501"
        },
        {
          "name": "27222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27222"
        },
        {
          "name": "ADV-2007-4034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4034"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1196"
        },
        {
          "name": "oval:org.mitre.oval:def:9788",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788"
        },
        {
          "name": "DSA-1091",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1091"
        },
        {
          "name": "RHSA-2008:0848",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0848.html"
        },
        {
          "name": "27181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27181"
        },
        {
          "name": "20693",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20693"
        },
        {
          "name": "SUSE-SR:2006:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
        },
        {
          "name": "27832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27832"
        },
        {
          "name": "libtiff-tiff2pdf-bo(26991)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26991"
        },
        {
          "name": "201331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
        },
        {
          "name": "21002",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21002"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355"
        },
        {
          "name": "18331",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18331"
        },
        {
          "name": "USN-289-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/289-1/"
        },
        {
          "name": "103160",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2006-2193",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-3486",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3486"
            },
            {
              "name": "31670",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31670"
            },
            {
              "name": "MDKSA-2006:102",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:102"
            },
            {
              "name": "ADV-2006-2197",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2197"
            },
            {
              "name": "20520",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20520"
            },
            {
              "name": "20766",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20766"
            },
            {
              "name": "20488",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20488"
            },
            {
              "name": "GLSA-200607-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200607-03.xml"
            },
            {
              "name": "20501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20501"
            },
            {
              "name": "27222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27222"
            },
            {
              "name": "ADV-2007-4034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4034"
            },
            {
              "name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1196",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1196"
            },
            {
              "name": "oval:org.mitre.oval:def:9788",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788"
            },
            {
              "name": "DSA-1091",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1091"
            },
            {
              "name": "RHSA-2008:0848",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0848.html"
            },
            {
              "name": "27181",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27181"
            },
            {
              "name": "20693",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20693"
            },
            {
              "name": "SUSE-SR:2006:014",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
            },
            {
              "name": "27832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27832"
            },
            {
              "name": "libtiff-tiff2pdf-bo(26991)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26991"
            },
            {
              "name": "201331",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
            },
            {
              "name": "21002",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21002"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355"
            },
            {
              "name": "18331",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18331"
            },
            {
              "name": "USN-289-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/289-1/"
            },
            {
              "name": "103160",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2006-2193",
    "datePublished": "2006-06-08T19:00:00",
    "dateReserved": "2006-05-04T00:00:00",
    "dateUpdated": "2024-08-07T17:43:27.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35524
Vulnerability from cvelistv5
Published
2021-03-09 19:17
Modified
2024-08-04 17:02
Severity ?
Summary
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/159"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932044"
          },
          {
            "name": "DSA-4869",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4869"
          },
          {
            "name": "FEDORA-2021-1bf4f2f13a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
          },
          {
            "name": "GLSA-202104-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-06"
          },
          {
            "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff\u0027s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-08T10:45:33",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/159"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932044"
        },
        {
          "name": "DSA-4869",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4869"
        },
        {
          "name": "FEDORA-2021-1bf4f2f13a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
        },
        {
          "name": "GLSA-202104-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-06"
        },
        {
          "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libtiff",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "libtiff 4.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff\u0027s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22",
              "refsource": "MISC",
              "url": "https://gitlab.com/rzkn/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/159",
              "refsource": "MISC",
              "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/159"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932044",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932044"
            },
            {
              "name": "DSA-4869",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4869"
            },
            {
              "name": "FEDORA-2021-1bf4f2f13a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
            },
            {
              "name": "GLSA-202104-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-06"
            },
            {
              "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210521-0009/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-35524",
    "datePublished": "2021-03-09T19:17:54",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3658
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.
References
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
http://bugzilla.maptools.org/show_bug.cgi?id=2546x_refsource_MISC
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2016/04/08/12mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/93331vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2546"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "[oss-security] 20160408 CVE-2016-3658 - libtiff 4.0.6 illegel read",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/08/12"
          },
          {
            "name": "93331",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93331"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2546"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "[oss-security] 20160408 CVE-2016-3658 - libtiff 4.0.6 illegel read",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/08/12"
        },
        {
          "name": "93331",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93331"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2546",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2546"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "[oss-security] 20160408 CVE-2016-3658 - libtiff 4.0.6 illegel read",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/08/12"
            },
            {
              "name": "93331",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93331"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3658",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-24T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-9815
Vulnerability from cvelistv5
Published
2017-06-22 15:00
Modified
2024-08-05 17:18
Severity ?
Summary
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:18:01.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "99235",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99235"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2682"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://somevulnsofadlab.blogspot.jp/2017/06/libtiffmemory-leak-in-tiffmalloc.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "99235",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99235"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2682"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://somevulnsofadlab.blogspot.jp/2017/06/libtiffmemory-leak-in-tiffmalloc.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "99235",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99235"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2682",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2682"
            },
            {
              "name": "http://somevulnsofadlab.blogspot.jp/2017/06/libtiffmemory-leak-in-tiffmalloc.html",
              "refsource": "MISC",
              "url": "http://somevulnsofadlab.blogspot.jp/2017/06/libtiffmemory-leak-in-tiffmalloc.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9815",
    "datePublished": "2017-06-22T15:00:00",
    "dateReserved": "2017-06-22T00:00:00",
    "dateUpdated": "2024-08-05T17:18:01.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-17000
Vulnerability from cvelistv5
Published
2018-09-13 16:00
Modified
2024-08-05 10:39
Severity ?
Summary
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:39:59.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2811"
          },
          {
            "name": "105342",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105342"
          },
          {
            "name": "USN-3906-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-1/"
          },
          {
            "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
          },
          {
            "name": "openSUSE-SU-2019:1161",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
          },
          {
            "name": "DSA-4670",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4670"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-30T12:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2811"
        },
        {
          "name": "105342",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105342"
        },
        {
          "name": "USN-3906-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-1/"
        },
        {
          "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
        },
        {
          "name": "openSUSE-SU-2019:1161",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
        },
        {
          "name": "DSA-4670",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4670"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-17000",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2811",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2811"
            },
            {
              "name": "105342",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105342"
            },
            {
              "name": "USN-3906-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-1/"
            },
            {
              "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
            },
            {
              "name": "openSUSE-SU-2019:1161",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
            },
            {
              "name": "DSA-4670",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4670"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-17000",
    "datePublished": "2018-09-13T16:00:00",
    "dateReserved": "2018-09-13T00:00:00",
    "dateUpdated": "2024-08-05T10:39:59.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1623
Vulnerability from cvelistv5
Published
2022-05-11 00:00
Modified
2024-08-03 00:10
Summary
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.766Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/410"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220616-0005/"
          },
          {
            "name": "FEDORA-2022-ea3ebeff3d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/"
          },
          {
            "name": "FEDORA-2022-e9fe21d102",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "3079627ea0dee150e6a208cec8381de611bb842b"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/410"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220616-0005/"
        },
        {
          "name": "FEDORA-2022-ea3ebeff3d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/"
        },
        {
          "name": "FEDORA-2022-e9fe21d102",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-1623",
    "datePublished": "2022-05-11T00:00:00",
    "dateReserved": "2022-05-09T00:00:00",
    "dateUpdated": "2024-08-03T00:10:03.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1355
Vulnerability from cvelistv5
Published
2022-08-31 00:00
Modified
2024-08-03 00:03
Severity ?
Summary
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:03:05.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/400"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/323"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-1355"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221014-0007/"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Not-Known"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack buffer overflow flaw was found in Libtiffs\u0027 tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 - Stack-based Buffer Overflow.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074415"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/400"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/323"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-1355"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221014-0007/"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1355",
    "datePublished": "2022-08-31T00:00:00",
    "dateReserved": "2022-04-14T00:00:00",
    "dateUpdated": "2024-08-03T00:03:05.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0798
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/492"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json"
          },
          {
            "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
          },
          {
            "name": "DSA-5361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5361"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0003/"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/492"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json"
        },
        {
          "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
        },
        {
          "name": "DSA-5361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5361"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0003/"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-0798",
    "datePublished": "2023-02-13T00:00:00",
    "dateReserved": "2023-02-12T00:00:00",
    "dateUpdated": "2024-08-02T05:24:34.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0908
Vulnerability from cvelistv5
Published
2022-03-11 00:00
Modified
2024-08-02 23:47
Summary
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/383"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json"
          },
          {
            "name": "DSA-5108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5108"
          },
          {
            "name": "FEDORA-2022-e2996202a0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
          },
          {
            "name": "FEDORA-2022-c39720a0ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220506-0002/"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "TIFF Software Distribution",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Null pointer dereference in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/383"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json"
        },
        {
          "name": "DSA-5108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5108"
        },
        {
          "name": "FEDORA-2022-e2996202a0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
        },
        {
          "name": "FEDORA-2022-c39720a0ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220506-0002/"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-0908",
    "datePublished": "2022-03-11T00:00:00",
    "dateReserved": "2022-03-10T00:00:00",
    "dateUpdated": "2024-08-02T23:47:42.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-34266
Vulnerability from cvelistv5
Published
2022-07-19 19:34
Modified
2024-08-03 09:07
Summary
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:07:15.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/859433"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:N/I:N/PR:N/S:U/UI:R",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-02T05:29:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.gentoo.org/859433"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-34266",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:N/I:N/PR:N/S:U/UI:R",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html",
              "refsource": "MISC",
              "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1814.html"
            },
            {
              "name": "https://bugs.gentoo.org/859433",
              "refsource": "MISC",
              "url": "https://bugs.gentoo.org/859433"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-34266",
    "datePublished": "2022-07-19T19:34:39",
    "dateReserved": "2022-06-21T00:00:00",
    "dateUpdated": "2024-08-03T09:07:15.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-6223
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 01:22
Severity ?
Summary
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
References
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://libtiff.maptools.org/v4.0.7.htmlx_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/07/14/4mailing-list, x_refsource_MLIST
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2016/07/13/3mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/91741vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.797Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libtiff.maptools.org/v4.0.7.html"
          },
          {
            "name": "[oss-security] 20160714 Re: CVE request: Information leak in LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/07/14/4"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "name": "[oss-security] 20160713 CVE request: Information leak in LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/07/13/3"
          },
          {
            "name": "91741",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91741"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libtiff.maptools.org/v4.0.7.html"
        },
        {
          "name": "[oss-security] 20160714 Re: CVE request: Information leak in LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/07/14/4"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "name": "[oss-security] 20160713 CVE request: Information leak in LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/07/13/3"
        },
        {
          "name": "91741",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91741"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6223",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "http://libtiff.maptools.org/v4.0.7.html",
              "refsource": "CONFIRM",
              "url": "http://libtiff.maptools.org/v4.0.7.html"
            },
            {
              "name": "[oss-security] 20160714 Re: CVE request: Information leak in LibTIFF",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/07/14/4"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "[oss-security] 20160713 CVE request: Information leak in LibTIFF",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/07/13/3"
            },
            {
              "name": "91741",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91741"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6223",
    "datePublished": "2017-01-23T21:00:00",
    "dateReserved": "2016-07-14T00:00:00",
    "dateUpdated": "2024-08-06T01:22:20.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-13726
Vulnerability from cvelistv5
Published
2017-08-29 06:00
Modified
2024-08-05 19:05
Severity ?
Summary
There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
References
http://www.securityfocus.com/bid/100524vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4100vendor-advisory, x_refsource_DEBIAN
http://bugzilla.maptools.org/show_bug.cgi?id=2727x_refsource_MISC
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:05:19.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100524",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100524"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "DSA-4100",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4100"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2727"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "100524",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100524"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "DSA-4100",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4100"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2727"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-13726",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100524",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100524"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "DSA-4100",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4100"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2727",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2727"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-13726",
    "datePublished": "2017-08-29T06:00:00",
    "dateReserved": "2017-08-29T00:00:00",
    "dateUpdated": "2024-08-05T19:05:19.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3619
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
References
http://www.securitytracker.com/id/1035508vdb-entry, x_refsource_SECTRACK
http://www.openwall.com/lists/oss-security/2016/04/07/1mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://bugzilla.maptools.org/show_bug.cgi?id=2567x_refsource_MISC
http://www.securityfocus.com/bid/85919vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035508",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035508"
          },
          {
            "name": "[oss-security] 20160407 CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/07/1"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2567"
          },
          {
            "name": "85919",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85919"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c none\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-02T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1035508",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035508"
        },
        {
          "name": "[oss-security] 20160407 CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/07/1"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2567"
        },
        {
          "name": "85919",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85919"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3619",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c none\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035508",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035508"
            },
            {
              "name": "[oss-security] 20160407 CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/07/1"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2567",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2567"
            },
            {
              "name": "85919",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85919"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3619",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-21T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3991
Vulnerability from cvelistv5
Published
2016-09-21 18:00
Modified
2024-08-06 00:10
Severity ?
Summary
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:10:32.035Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "85996",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85996"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "openSUSE-SU-2016:2275",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
          },
          {
            "name": "[oss-security] 20160412 CVE-2016-3991 : out-of-bounds write in loadImage() in tiffcrop tool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/12/3"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2543"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326249"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "85996",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85996"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "openSUSE-SU-2016:2275",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
        },
        {
          "name": "[oss-security] 20160412 CVE-2016-3991 : out-of-bounds write in loadImage() in tiffcrop tool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/12/3"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2543"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326249"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3991",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "85996",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85996"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "openSUSE-SU-2016:2275",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
            },
            {
              "name": "[oss-security] 20160412 CVE-2016-3991 : out-of-bounds write in loadImage() in tiffcrop tool",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/12/3"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2543",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2543"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326249",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326249"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3991",
    "datePublished": "2016-09-21T18:00:00",
    "dateReserved": "2016-04-08T00:00:00",
    "dateUpdated": "2024-08-06T00:10:32.035Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2452
Vulnerability from cvelistv5
Published
2005-08-03 04:00
Modified
2024-08-07 22:29
Severity ?
Summary
libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.
References
https://bugzilla.ubuntu.com/show_bug.cgi?id=12008x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDKSA-2005:143vendor-advisory, x_refsource_MANDRAKE
http://secunia.com/advisories/16486third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2005:144vendor-advisory, x_refsource_MANDRAKE
https://usn.ubuntu.com/156-1/vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/16266third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/14417vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2005:142vendor-advisory, x_refsource_MANDRAKE
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:29:59.880Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=12008"
          },
          {
            "name": "MDKSA-2005:143",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:143"
          },
          {
            "name": "16486",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16486"
          },
          {
            "name": "MDKSA-2005:144",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:144"
          },
          {
            "name": "USN-156-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/156-1/"
          },
          {
            "name": "16266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16266"
          },
          {
            "name": "14417",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14417"
          },
          {
            "name": "MDKSA-2005:142",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:142"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero \"YCbCr subsampling\" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=12008"
        },
        {
          "name": "MDKSA-2005:143",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:143"
        },
        {
          "name": "16486",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16486"
        },
        {
          "name": "MDKSA-2005:144",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:144"
        },
        {
          "name": "USN-156-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/156-1/"
        },
        {
          "name": "16266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16266"
        },
        {
          "name": "14417",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14417"
        },
        {
          "name": "MDKSA-2005:142",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:142"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-2452",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero \"YCbCr subsampling\" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.ubuntu.com/show_bug.cgi?id=12008",
              "refsource": "MISC",
              "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=12008"
            },
            {
              "name": "MDKSA-2005:143",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:143"
            },
            {
              "name": "16486",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16486"
            },
            {
              "name": "MDKSA-2005:144",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:144"
            },
            {
              "name": "USN-156-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/156-1/"
            },
            {
              "name": "16266",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16266"
            },
            {
              "name": "14417",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/14417"
            },
            {
              "name": "MDKSA-2005:142",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:142"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-2452",
    "datePublished": "2005-08-03T04:00:00",
    "dateReserved": "2005-08-03T00:00:00",
    "dateUpdated": "2024-08-07T22:29:59.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4564
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:42
Severity ?
Summary
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
References
http://www.debian.org/security/2012/dsa-2575vendor-advisory, x_refsource_DEBIAN
http://www.osvdb.org/86878vdb-entry, x_refsource_OSVDB
https://bugzilla.redhat.com/show_bug.cgi?id=871700x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2012/11/02/3mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/56372vdb-entry, x_refsource_BID
http://www.ubuntu.com/usn/USN-1631-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.htmlvendor-advisory, x_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/79750vdb-entry, x_refsource_XF
http://www.openwall.com/lists/oss-security/2012/11/02/7mailing-list, x_refsource_MLIST
http://secunia.com/advisories/51133third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-1590.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:42:54.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2575",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2575"
          },
          {
            "name": "86878",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/86878"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=871700"
          },
          {
            "name": "[oss-security] 20121102 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/02/3"
          },
          {
            "name": "56372",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56372"
          },
          {
            "name": "USN-1631-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1631-1"
          },
          {
            "name": "openSUSE-SU-2013:0187",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html"
          },
          {
            "name": "libtiff-ppm2tiff-bo(79750)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79750"
          },
          {
            "name": "[oss-security] 20121102 Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/02/7"
          },
          {
            "name": "51133",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51133"
          },
          {
            "name": "RHSA-2012:1590",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-2575",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2575"
        },
        {
          "name": "86878",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/86878"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=871700"
        },
        {
          "name": "[oss-security] 20121102 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/02/3"
        },
        {
          "name": "56372",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56372"
        },
        {
          "name": "USN-1631-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1631-1"
        },
        {
          "name": "openSUSE-SU-2013:0187",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html"
        },
        {
          "name": "libtiff-ppm2tiff-bo(79750)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79750"
        },
        {
          "name": "[oss-security] 20121102 Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/02/7"
        },
        {
          "name": "51133",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51133"
        },
        {
          "name": "RHSA-2012:1590",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4564",
    "datePublished": "2012-11-11T11:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:42:54.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3463
Vulnerability from cvelistv5
Published
2006-08-03 01:00
Modified
2024-08-07 18:30
Severity ?
Summary
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.
References
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Pvendor-advisory, x_refsource_SGI
http://www.vupen.com/english/advisories/2007/3486vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21501third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/21537third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21632third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/21338third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-330-1vendor-advisory, x_refsource_UBUNTU
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htmx_refsource_CONFIRM
http://securitytracker.com/id?1016628vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2006/dsa-1137vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/21370third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21598third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0648.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/27222third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/4034vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639vdb-entry, signature, x_refsource_OVAL
http://www.novell.com/linux/security/advisories/2006_44_libtiff.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/21290third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21274third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3105vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27181third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0603.htmlvendor-advisory, x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.ascvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/21304third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600vendor-advisory, x_refsource_SLACKWARE
https://issues.rpath.com/browse/RPL-558x_refsource_CONFIRM
http://secunia.com/advisories/27832third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21346third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/bid/19284vdb-entry, x_refsource_BID
http://secunia.com/advisories/21319third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21392third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21334third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22036third-party-advisory, x_refsource_SECUNIA
http://lwn.net/Alerts/194228/vendor-advisory, x_refsource_TRUSTIX
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1vendor-advisory, x_refsource_SUNALERT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060801-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
          },
          {
            "name": "ADV-2007-3486",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3486"
          },
          {
            "name": "21501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21501"
          },
          {
            "name": "MDKSA-2006:136",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
          },
          {
            "name": "21537",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21537"
          },
          {
            "name": "21632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21632"
          },
          {
            "name": "GLSA-200608-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
          },
          {
            "name": "21338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21338"
          },
          {
            "name": "USN-330-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-330-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
          },
          {
            "name": "1016628",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016628"
          },
          {
            "name": "DSA-1137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1137"
          },
          {
            "name": "21370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21370"
          },
          {
            "name": "21598",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21598"
          },
          {
            "name": "RHSA-2006:0648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
          },
          {
            "name": "MDKSA-2006:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
          },
          {
            "name": "27222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27222"
          },
          {
            "name": "ADV-2007-4034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4034"
          },
          {
            "name": "oval:org.mitre.oval:def:10639",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639"
          },
          {
            "name": "SUSE-SA:2006:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
          },
          {
            "name": "21290",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21290"
          },
          {
            "name": "21274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21274"
          },
          {
            "name": "ADV-2006-3105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3105"
          },
          {
            "name": "27181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27181"
          },
          {
            "name": "RHSA-2006:0603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21304",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21304"
          },
          {
            "name": "SSA:2006-230-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-558"
          },
          {
            "name": "27832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27832"
          },
          {
            "name": "21346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21346"
          },
          {
            "name": "201331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
          },
          {
            "name": "19284",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19284"
          },
          {
            "name": "21319",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21319"
          },
          {
            "name": "21392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21392"
          },
          {
            "name": "21334",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21334"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "2006-0044",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://lwn.net/Alerts/194228/"
          },
          {
            "name": "103160",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20060801-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
        },
        {
          "name": "ADV-2007-3486",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3486"
        },
        {
          "name": "21501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21501"
        },
        {
          "name": "MDKSA-2006:136",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
        },
        {
          "name": "21537",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21537"
        },
        {
          "name": "21632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21632"
        },
        {
          "name": "GLSA-200608-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
        },
        {
          "name": "21338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21338"
        },
        {
          "name": "USN-330-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-330-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
        },
        {
          "name": "1016628",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016628"
        },
        {
          "name": "DSA-1137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1137"
        },
        {
          "name": "21370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21370"
        },
        {
          "name": "21598",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21598"
        },
        {
          "name": "RHSA-2006:0648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
        },
        {
          "name": "MDKSA-2006:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
        },
        {
          "name": "27222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27222"
        },
        {
          "name": "ADV-2007-4034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4034"
        },
        {
          "name": "oval:org.mitre.oval:def:10639",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639"
        },
        {
          "name": "SUSE-SA:2006:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
        },
        {
          "name": "21290",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21290"
        },
        {
          "name": "21274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21274"
        },
        {
          "name": "ADV-2006-3105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3105"
        },
        {
          "name": "27181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27181"
        },
        {
          "name": "RHSA-2006:0603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21304",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21304"
        },
        {
          "name": "SSA:2006-230-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-558"
        },
        {
          "name": "27832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27832"
        },
        {
          "name": "21346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21346"
        },
        {
          "name": "201331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
        },
        {
          "name": "19284",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19284"
        },
        {
          "name": "21319",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21319"
        },
        {
          "name": "21392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21392"
        },
        {
          "name": "21334",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21334"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "2006-0044",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://lwn.net/Alerts/194228/"
        },
        {
          "name": "103160",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-3463",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060801-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
            },
            {
              "name": "ADV-2007-3486",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3486"
            },
            {
              "name": "21501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21501"
            },
            {
              "name": "MDKSA-2006:136",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
            },
            {
              "name": "21537",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21537"
            },
            {
              "name": "21632",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21632"
            },
            {
              "name": "GLSA-200608-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
            },
            {
              "name": "21338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21338"
            },
            {
              "name": "USN-330-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-330-1"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
            },
            {
              "name": "1016628",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016628"
            },
            {
              "name": "DSA-1137",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1137"
            },
            {
              "name": "21370",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21370"
            },
            {
              "name": "21598",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21598"
            },
            {
              "name": "RHSA-2006:0648",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
            },
            {
              "name": "MDKSA-2006:137",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
            },
            {
              "name": "27222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27222"
            },
            {
              "name": "ADV-2007-4034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4034"
            },
            {
              "name": "oval:org.mitre.oval:def:10639",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10639"
            },
            {
              "name": "SUSE-SA:2006:044",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
            },
            {
              "name": "21290",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21290"
            },
            {
              "name": "21274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21274"
            },
            {
              "name": "ADV-2006-3105",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3105"
            },
            {
              "name": "27181",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27181"
            },
            {
              "name": "RHSA-2006:0603",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "21304",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21304"
            },
            {
              "name": "SSA:2006-230-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-558",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-558"
            },
            {
              "name": "27832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27832"
            },
            {
              "name": "21346",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21346"
            },
            {
              "name": "201331",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
            },
            {
              "name": "19284",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19284"
            },
            {
              "name": "21319",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21319"
            },
            {
              "name": "21392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21392"
            },
            {
              "name": "21334",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21334"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "2006-0044",
              "refsource": "TRUSTIX",
              "url": "http://lwn.net/Alerts/194228/"
            },
            {
              "name": "103160",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-3463",
    "datePublished": "2006-08-03T01:00:00",
    "dateReserved": "2006-07-10T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9453
Vulnerability from cvelistv5
Published
2017-01-27 17:00
Modified
2024-08-06 02:50
Severity ?
Summary
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94406",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94406"
          },
          {
            "name": "openSUSE-SU-2016:3035",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
          },
          {
            "name": "[oss-security] 20161118 Re: CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/19/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2579"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94406",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94406"
        },
        {
          "name": "openSUSE-SU-2016:3035",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
        },
        {
          "name": "[oss-security] 20161118 Re: CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/19/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2579"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9453",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94406",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94406"
            },
            {
              "name": "openSUSE-SU-2016:3035",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
            },
            {
              "name": "[oss-security] 20161118 Re: CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/19/1"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2579",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2579"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9453",
    "datePublished": "2017-01-27T17:00:00",
    "dateReserved": "2016-11-18T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-15209
Vulnerability from cvelistv5
Published
2018-08-08 04:00
Modified
2024-08-05 09:46
Severity ?
Summary
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
References
https://www.debian.org/security/2018/dsa-4349vendor-advisory, x_refsource_DEBIAN
http://bugzilla.maptools.org/show_bug.cgi?id=2808x_refsource_MISC
http://www.securityfocus.com/bid/105092vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:46:25.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4349",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4349"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2808"
          },
          {
            "name": "105092",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105092"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-01T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4349",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4349"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2808"
        },
        {
          "name": "105092",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105092"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-15209",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4349",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4349"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2808",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2808"
            },
            {
              "name": "105092",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105092"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-15209",
    "datePublished": "2018-08-08T04:00:00",
    "dateReserved": "2018-08-07T00:00:00",
    "dateUpdated": "2024-08-05T09:46:25.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2519
Vulnerability from cvelistv5
Published
2022-08-31 00:00
Modified
2024-08-03 00:39
Severity ?
Summary
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:39:08.088Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/423"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.4.0rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "CWE-415",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/423"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2519",
    "datePublished": "2022-08-31T00:00:00",
    "dateReserved": "2022-07-22T00:00:00",
    "dateUpdated": "2024-08-03T00:39:08.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2285
Vulnerability from cvelistv5
Published
2009-07-01 12:26
Modified
2024-08-07 05:44
Severity ?
Summary
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
References
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.htmlvendor-advisory, x_refsource_APPLE
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/35866third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2009/1637vdb-entry, x_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2009/06/23/1mailing-list, x_refsource_MLIST
http://bugzilla.maptools.org/show_bug.cgi?id=2065x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/39135third-party-advisory, x_refsource_SECUNIA
http://support.apple.com/kb/HT4004x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.htmlvendor-advisory, x_refsource_APPLE
https://usn.ubuntu.com/797-1/vendor-advisory, x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145vdb-entry, signature, x_refsource_OVAL
http://support.apple.com/kb/HT4105x_refsource_CONFIRM
http://secunia.com/advisories/35716third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.htmlvendor-advisory, x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2009/06/22/1mailing-list, x_refsource_MLIST
http://secunia.com/advisories/35912third-party-advisory, x_refsource_SECUNIA
http://support.apple.com/kb/HT4070x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/35883third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2727vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/35695third-party-advisory, x_refsource_SECUNIA
http://www.lan.st/showthread.php?t=1856&page=3x_refsource_MISC
http://secunia.com/advisories/36194third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/36831third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200908-03.xmlvendor-advisory, x_refsource_GENTOO
http://www.vupen.com/english/advisories/2009/3184vdb-entry, x_refsource_VUPEN
http://support.apple.com/kb/HT4013x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.htmlvendor-advisory, x_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.htmlvendor-advisory, x_refsource_APPLE
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1vendor-advisory, x_refsource_SUNALERT
http://www.redhat.com/support/errata/RHSA-2009-1159.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/38241third-party-advisory, x_refsource_SECUNIA
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlvendor-advisory, x_refsource_APPLE
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.htmlvendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2009/dsa-1835vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2009/06/29/5mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2010/0173vdb-entry, x_refsource_VUPEN
http://support.apple.com/kb/HT3937x_refsource_CONFIRM
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:44:55.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-03-11-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
          },
          {
            "name": "FEDORA-2009-7358",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html"
          },
          {
            "name": "35866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35866"
          },
          {
            "name": "FEDORA-2009-7717",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html"
          },
          {
            "name": "ADV-2009-1637",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1637"
          },
          {
            "name": "[oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/06/23/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2065"
          },
          {
            "name": "oval:org.mitre.oval:def:7049",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049"
          },
          {
            "name": "39135",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39135"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "USN-797-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/797-1/"
          },
          {
            "name": "oval:org.mitre.oval:def:10145",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4105"
          },
          {
            "name": "35716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35716"
          },
          {
            "name": "FEDORA-2009-7763",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html"
          },
          {
            "name": "[oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/06/22/1"
          },
          {
            "name": "35912",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35912"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4070"
          },
          {
            "name": "APPLE-SA-2010-02-02-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html"
          },
          {
            "name": "35883",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35883"
          },
          {
            "name": "ADV-2009-2727",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2727"
          },
          {
            "name": "35695",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35695"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lan.st/showthread.php?t=1856\u0026page=3"
          },
          {
            "name": "36194",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36194"
          },
          {
            "name": "36831",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36831"
          },
          {
            "name": "GLSA-200908-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200908-03.xml"
          },
          {
            "name": "ADV-2009-3184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4013"
          },
          {
            "name": "FEDORA-2009-7335",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html"
          },
          {
            "name": "APPLE-SA-2010-03-30-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
          },
          {
            "name": "267808",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1"
          },
          {
            "name": "RHSA-2009:1159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1159.html"
          },
          {
            "name": "38241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "FEDORA-2009-7417",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html"
          },
          {
            "name": "DSA-1835",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1835"
          },
          {
            "name": "[oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/06/29/5"
          },
          {
            "name": "ADV-2010-0173",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-03-11-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
        },
        {
          "name": "FEDORA-2009-7358",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html"
        },
        {
          "name": "35866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35866"
        },
        {
          "name": "FEDORA-2009-7717",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html"
        },
        {
          "name": "ADV-2009-1637",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1637"
        },
        {
          "name": "[oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/06/23/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2065"
        },
        {
          "name": "oval:org.mitre.oval:def:7049",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049"
        },
        {
          "name": "39135",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39135"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4004"
        },
        {
          "name": "APPLE-SA-2010-01-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
        },
        {
          "name": "USN-797-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/797-1/"
        },
        {
          "name": "oval:org.mitre.oval:def:10145",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4105"
        },
        {
          "name": "35716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35716"
        },
        {
          "name": "FEDORA-2009-7763",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html"
        },
        {
          "name": "[oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/06/22/1"
        },
        {
          "name": "35912",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35912"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4070"
        },
        {
          "name": "APPLE-SA-2010-02-02-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html"
        },
        {
          "name": "35883",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35883"
        },
        {
          "name": "ADV-2009-2727",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2727"
        },
        {
          "name": "35695",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35695"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lan.st/showthread.php?t=1856\u0026page=3"
        },
        {
          "name": "36194",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36194"
        },
        {
          "name": "36831",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36831"
        },
        {
          "name": "GLSA-200908-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200908-03.xml"
        },
        {
          "name": "ADV-2009-3184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3184"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4013"
        },
        {
          "name": "FEDORA-2009-7335",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html"
        },
        {
          "name": "APPLE-SA-2010-03-30-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
        },
        {
          "name": "267808",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1"
        },
        {
          "name": "RHSA-2009:1159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1159.html"
        },
        {
          "name": "38241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38241"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "name": "FEDORA-2009-7417",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html"
        },
        {
          "name": "DSA-1835",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1835"
        },
        {
          "name": "[oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/06/29/5"
        },
        {
          "name": "ADV-2010-0173",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0173"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-03-11-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
            },
            {
              "name": "FEDORA-2009-7358",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00161.html"
            },
            {
              "name": "35866",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35866"
            },
            {
              "name": "FEDORA-2009-7717",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00655.html"
            },
            {
              "name": "ADV-2009-1637",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1637"
            },
            {
              "name": "[oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/06/23/1"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2065",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2065"
            },
            {
              "name": "oval:org.mitre.oval:def:7049",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7049"
            },
            {
              "name": "39135",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39135"
            },
            {
              "name": "http://support.apple.com/kb/HT4004",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4004"
            },
            {
              "name": "APPLE-SA-2010-01-19-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
            },
            {
              "name": "USN-797-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/797-1/"
            },
            {
              "name": "oval:org.mitre.oval:def:10145",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10145"
            },
            {
              "name": "http://support.apple.com/kb/HT4105",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4105"
            },
            {
              "name": "35716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35716"
            },
            {
              "name": "FEDORA-2009-7763",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00714.html"
            },
            {
              "name": "[oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/06/22/1"
            },
            {
              "name": "35912",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35912"
            },
            {
              "name": "http://support.apple.com/kb/HT4070",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4070"
            },
            {
              "name": "APPLE-SA-2010-02-02-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html"
            },
            {
              "name": "35883",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35883"
            },
            {
              "name": "ADV-2009-2727",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2727"
            },
            {
              "name": "35695",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35695"
            },
            {
              "name": "http://www.lan.st/showthread.php?t=1856\u0026page=3",
              "refsource": "MISC",
              "url": "http://www.lan.st/showthread.php?t=1856\u0026page=3"
            },
            {
              "name": "36194",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36194"
            },
            {
              "name": "36831",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36831"
            },
            {
              "name": "GLSA-200908-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200908-03.xml"
            },
            {
              "name": "ADV-2009-3184",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3184"
            },
            {
              "name": "http://support.apple.com/kb/HT4013",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4013"
            },
            {
              "name": "FEDORA-2009-7335",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00142.html"
            },
            {
              "name": "APPLE-SA-2010-03-30-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
            },
            {
              "name": "267808",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-267808-1"
            },
            {
              "name": "RHSA-2009:1159",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1159.html"
            },
            {
              "name": "38241",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38241"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149"
            },
            {
              "name": "APPLE-SA-2009-11-09-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
            },
            {
              "name": "FEDORA-2009-7417",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00230.html"
            },
            {
              "name": "DSA-1835",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1835"
            },
            {
              "name": "[oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat]",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/06/29/5"
            },
            {
              "name": "ADV-2010-0173",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0173"
            },
            {
              "name": "http://support.apple.com/kb/HT3937",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3937"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2285",
    "datePublished": "2009-07-01T12:26:00",
    "dateReserved": "2009-07-01T00:00:00",
    "dateUpdated": "2024-08-07T05:44:55.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-6277
Vulnerability from cvelistv5
Published
2023-11-24 18:20
Modified
2024-09-17 01:09
Summary
Libtiff: out-of-memory in tiffopen via a craft file
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6277"
          },
          {
            "name": "RHBZ#2251311",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251311"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/614"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/545"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240119-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214119"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214122"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214117"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214118"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214116"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214120"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214124"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-11-02T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T01:09:31.781Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6277"
        },
        {
          "name": "RHBZ#2251311",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251311"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/614"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/545"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-24T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-11-02T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libtiff: out-of-memory in tiffopen via a craft file",
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6277",
    "datePublished": "2023-11-24T18:20:16.683Z",
    "dateReserved": "2023-11-24T08:27:14.831Z",
    "dateUpdated": "2024-09-17T01:09:31.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2481
Vulnerability from cvelistv5
Published
2010-07-06 14:00
Modified
2024-08-07 02:32
Severity ?
Summary
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
References
http://marc.info/?l=oss-security&m=127736307002102&w=2mailing-list, x_refsource_MLIST
http://secunia.com/advisories/40527third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=oss-security&m=127781315415896&w=2mailing-list, x_refsource_MLIST
http://marc.info/?l=oss-security&m=127731610612908&w=2mailing-list, x_refsource_MLIST
http://bugzilla.maptools.org/show_bug.cgi?id=2210x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1761vdb-entry, x_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2010-0519.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=oss-security&m=127738540902757&w=2mailing-list, x_refsource_MLIST
http://marc.info/?l=oss-security&m=127797353202873&w=2mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2010/06/30/22mailing-list, x_refsource_MLIST
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:32:16.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127736307002102\u0026w=2"
          },
          {
            "name": "40527",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40527"
          },
          {
            "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127781315415896\u0026w=2"
          },
          {
            "name": "[oss-security] 20100623 CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210"
          },
          {
            "name": "ADV-2010-1761",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1761"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "RHSA-2010:0519",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
          },
          {
            "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127738540902757\u0026w=2"
          },
          {
            "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127797353202873\u0026w=2"
          },
          {
            "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-15T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127736307002102\u0026w=2"
        },
        {
          "name": "40527",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40527"
        },
        {
          "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127781315415896\u0026w=2"
        },
        {
          "name": "[oss-security] 20100623 CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210"
        },
        {
          "name": "ADV-2010-1761",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1761"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "RHSA-2010:0519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
        },
        {
          "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127738540902757\u0026w=2"
        },
        {
          "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127797353202873\u0026w=2"
        },
        {
          "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2481",
    "datePublished": "2010-07-06T14:00:00",
    "dateReserved": "2010-06-28T00:00:00",
    "dateUpdated": "2024-08-07T02:32:16.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-0405
Vulnerability from cvelistv5
Published
2006-01-25 02:00
Modified
2024-08-07 16:34
Severity ?
Summary
The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:34:14.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-0302",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0302"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1029"
          },
          {
            "name": "18172",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18172"
          },
          {
            "name": "GLSA-200605-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
          },
          {
            "name": "20345",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20345"
          },
          {
            "name": "libtiff-tiffvsetfield-dos(24275)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24275"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1034"
          },
          {
            "name": "18587",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18587"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-0302",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0302"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1029"
        },
        {
          "name": "18172",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18172"
        },
        {
          "name": "GLSA-200605-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
        },
        {
          "name": "20345",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20345"
        },
        {
          "name": "libtiff-tiffvsetfield-dos(24275)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24275"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1034"
        },
        {
          "name": "18587",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18587"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-0302",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0302"
            },
            {
              "name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1029",
              "refsource": "MISC",
              "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1029"
            },
            {
              "name": "18172",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18172"
            },
            {
              "name": "GLSA-200605-17",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
            },
            {
              "name": "20345",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20345"
            },
            {
              "name": "libtiff-tiffvsetfield-dos(24275)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24275"
            },
            {
              "name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1034",
              "refsource": "MISC",
              "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1034"
            },
            {
              "name": "18587",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18587"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0405",
    "datePublished": "2006-01-25T02:00:00",
    "dateReserved": "2006-01-25T00:00:00",
    "dateUpdated": "2024-08-07T16:34:14.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-16232
Vulnerability from cvelistv5
Published
2019-03-17 16:44
Modified
2024-08-05 20:20
Severity ?
Summary
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:20:05.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/11/01/11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/11/01/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/11/01/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/11/01/8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Dec/32"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Dec/47"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101696"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-17T16:44:47",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/11/01/11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/11/01/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/11/01/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/11/01/8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Dec/32"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Dec/47"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/101696"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16232",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2017/11/01/11",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2017/11/01/11"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2017/11/01/3",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2017/11/01/3"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2017/11/01/7",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2017/11/01/7"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2017/11/01/8",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2017/11/01/8"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html",
              "refsource": "MISC",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html",
              "refsource": "MISC",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2018/Dec/32",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2018/Dec/32"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2018/Dec/47",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2018/Dec/47"
            },
            {
              "name": "http://www.securityfocus.com/bid/101696",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/101696"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16232",
    "datePublished": "2019-03-17T16:44:47",
    "dateReserved": "2017-10-30T00:00:00",
    "dateUpdated": "2024-08-05T20:20:05.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2088
Vulnerability from cvelistv5
Published
2012-07-22 17:00
Modified
2024-08-06 19:26
Severity ?
Summary
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
References
http://support.apple.com/kb/HT6163x_refsource_CONFIRM
https://hermes.opensuse.org/messages/15083566vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-1054.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/54270vdb-entry, x_refsource_BID
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://support.apple.com/kb/HT6162x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=832864x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2012:101vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/49686third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:07.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6163"
          },
          {
            "name": "openSUSE-SU-2012:0829",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/15083566"
          },
          {
            "name": "SUSE-SU-2012:0894",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html"
          },
          {
            "name": "RHSA-2012:1054",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1054.html"
          },
          {
            "name": "54270",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54270"
          },
          {
            "name": "APPLE-SA-2013-03-14-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6162"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=832864"
          },
          {
            "name": "MDVSA-2012:101",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101"
          },
          {
            "name": "49686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49686"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-28T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6163"
        },
        {
          "name": "openSUSE-SU-2012:0829",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/15083566"
        },
        {
          "name": "SUSE-SU-2012:0894",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00010.html"
        },
        {
          "name": "RHSA-2012:1054",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1054.html"
        },
        {
          "name": "54270",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54270"
        },
        {
          "name": "APPLE-SA-2013-03-14-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6162"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=832864"
        },
        {
          "name": "MDVSA-2012:101",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:101"
        },
        {
          "name": "49686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49686"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2088",
    "datePublished": "2012-07-22T17:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:07.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7594
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
References
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
http://bugzilla.maptools.org/show_bug.cgi?id=2659x_refsource_MISC
http://www.securityfocus.com/bid/97503vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2659"
          },
          {
            "name": "97503",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97503"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2659"
        },
        {
          "name": "97503",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97503"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2659",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2659"
            },
            {
              "name": "97503",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97503"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7594",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1210
Vulnerability from cvelistv5
Published
2022-04-03 00:00
Modified
2024-08-02 23:55
Summary
LibTIFF tiff2ps resource consumption
Impacted products
unspecifiedLibTIFF
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/402"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.196363"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220513-0005/"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LibTIFF",
          "vendor": "unspecified",
          "versions": [
            {
              "status": "affected",
              "version": "4.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "mqrsv"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/402"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff"
        },
        {
          "url": "https://vuldb.com/?id.196363"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220513-0005/"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        }
      ],
      "title": "LibTIFF tiff2ps resource consumption",
      "x_generator": "vuldb.com"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2022-1210",
    "datePublished": "2022-04-03T00:00:00",
    "dateReserved": "2022-04-03T00:00:00",
    "dateUpdated": "2024-08-02T23:55:24.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0803
Vulnerability from cvelistv5
Published
2004-10-26 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
References
http://www.gentoo.org/security/en/glsa/glsa-200410-11.xmlvendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2004-577.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109vendor-advisory, x_refsource_MANDRAKE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-021.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=109778785107450&w=2mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896vdb-entry, signature, x_refsource_OVAL
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1vendor-advisory, x_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1vendor-advisory, x_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlvendor-advisory, x_refsource_SUSE
http://scary.beasts.org/security/CESA-2004-006.txtx_refsource_MISC
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888vendor-advisory, x_refsource_CONECTIVA
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052vendor-advisory, x_refsource_MANDRAKE
http://www.kde.org/info/security/advisory-20041209-2.txtx_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2005-354.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/12818third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/17703vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/11406vdb-entry, x_refsource_BID
http://www.debian.org/security/2004/dsa-567vendor-advisory, x_refsource_DEBIAN
http://www.kb.cert.org/vuls/id/948752third-party-advisory, x_refsource_CERT-VN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:47.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-200410-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml"
          },
          {
            "name": "RHSA-2004:577",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html"
          },
          {
            "name": "MDKSA-2004:109",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109"
          },
          {
            "name": "oval:org.mitre.oval:def:100114",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114"
          },
          {
            "name": "RHSA-2005:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html"
          },
          {
            "name": "20041013 CESA-2004-006: libtiff",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109778785107450\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:8896",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896"
          },
          {
            "name": "201072",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
          },
          {
            "name": "101677",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
          },
          {
            "name": "SUSE-SA:2004:038",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://scary.beasts.org/security/CESA-2004-006.txt"
          },
          {
            "name": "CLA-2004:888",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
          },
          {
            "name": "MDKSA-2005:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
          },
          {
            "name": "RHSA-2005:354",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
          },
          {
            "name": "12818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12818"
          },
          {
            "name": "libtiff-library-decoding-bo(17703)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17703"
          },
          {
            "name": "11406",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11406"
          },
          {
            "name": "DSA-567",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-567"
          },
          {
            "name": "VU#948752",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/948752"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-200410-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml"
        },
        {
          "name": "RHSA-2004:577",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html"
        },
        {
          "name": "MDKSA-2004:109",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109"
        },
        {
          "name": "oval:org.mitre.oval:def:100114",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114"
        },
        {
          "name": "RHSA-2005:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html"
        },
        {
          "name": "20041013 CESA-2004-006: libtiff",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109778785107450\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:8896",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896"
        },
        {
          "name": "201072",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
        },
        {
          "name": "101677",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
        },
        {
          "name": "SUSE-SA:2004:038",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://scary.beasts.org/security/CESA-2004-006.txt"
        },
        {
          "name": "CLA-2004:888",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
        },
        {
          "name": "MDKSA-2005:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
        },
        {
          "name": "RHSA-2005:354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
        },
        {
          "name": "12818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12818"
        },
        {
          "name": "libtiff-library-decoding-bo(17703)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17703"
        },
        {
          "name": "11406",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11406"
        },
        {
          "name": "DSA-567",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-567"
        },
        {
          "name": "VU#948752",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/948752"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0803",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200410-11",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml"
            },
            {
              "name": "RHSA-2004:577",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html"
            },
            {
              "name": "MDKSA-2004:109",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109"
            },
            {
              "name": "oval:org.mitre.oval:def:100114",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114"
            },
            {
              "name": "RHSA-2005:021",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html"
            },
            {
              "name": "20041013 CESA-2004-006: libtiff",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=109778785107450\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:8896",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896"
            },
            {
              "name": "201072",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
            },
            {
              "name": "101677",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
            },
            {
              "name": "SUSE-SA:2004:038",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
            },
            {
              "name": "http://scary.beasts.org/security/CESA-2004-006.txt",
              "refsource": "MISC",
              "url": "http://scary.beasts.org/security/CESA-2004-006.txt"
            },
            {
              "name": "CLA-2004:888",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
            },
            {
              "name": "MDKSA-2005:052",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
            },
            {
              "name": "http://www.kde.org/info/security/advisory-20041209-2.txt",
              "refsource": "CONFIRM",
              "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
            },
            {
              "name": "RHSA-2005:354",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
            },
            {
              "name": "12818",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12818"
            },
            {
              "name": "libtiff-library-decoding-bo(17703)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17703"
            },
            {
              "name": "11406",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11406"
            },
            {
              "name": "DSA-567",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-567"
            },
            {
              "name": "VU#948752",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/948752"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0803",
    "datePublished": "2004-10-26T04:00:00",
    "dateReserved": "2004-08-25T00:00:00",
    "dateUpdated": "2024-08-08T00:31:47.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2026
Vulnerability from cvelistv5
Published
2006-04-25 23:00
Modified
2024-08-07 17:35
Severity ?
Summary
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."
References
http://www.vupen.com/english/advisories/2006/1563vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/20210third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19949third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1vendor-advisory, x_refsource_SUNALERT
https://usn.ubuntu.com/277-1/vendor-advisory, x_refsource_UBUNTU
http://www.gentoo.org/security/en/glsa/glsa-200605-17.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/20667third-party-advisory, x_refsource_SECUNIA
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/26135vdb-entry, x_refsource_XF
http://secunia.com/advisories/19936third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19964third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1vendor-advisory, x_refsource_SUNALERT
http://www.trustix.org/errata/2006/0024vendor-advisory, x_refsource_TRUSTIX
http://secunia.com/advisories/20345third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1054vendor-advisory, x_refsource_DEBIAN
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.ascvendor-advisory, x_refsource_SGI
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htmx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11389vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2006-0425.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/19838third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20021third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/19897third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20023third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_04_28.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/17733vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:35:31.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-1563",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1563"
          },
          {
            "name": "20210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20210"
          },
          {
            "name": "19949",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19949"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
          },
          {
            "name": "103099",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
          },
          {
            "name": "USN-277-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/277-1/"
          },
          {
            "name": "GLSA-200605-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
          },
          {
            "name": "20667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20667"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
          },
          {
            "name": "libtiff-tifjpeg-doublefree-memory-corruption(26135)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26135"
          },
          {
            "name": "19936",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19936"
          },
          {
            "name": "19964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19964"
          },
          {
            "name": "201332",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
          },
          {
            "name": "2006-0024",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0024"
          },
          {
            "name": "20345",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20345"
          },
          {
            "name": "DSA-1054",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1054"
          },
          {
            "name": "20060501-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
          },
          {
            "name": "oval:org.mitre.oval:def:11389",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11389"
          },
          {
            "name": "RHSA-2006:0425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
          },
          {
            "name": "19838",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19838"
          },
          {
            "name": "20021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20021"
          },
          {
            "name": "MDKSA-2006:082",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
          },
          {
            "name": "19897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19897"
          },
          {
            "name": "20023",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20023"
          },
          {
            "name": "SUSE-SR:2006:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
          },
          {
            "name": "17733",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17733"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to \"setfield/getfield methods in cleanup functions.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-1563",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1563"
        },
        {
          "name": "20210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20210"
        },
        {
          "name": "19949",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19949"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
        },
        {
          "name": "103099",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
        },
        {
          "name": "USN-277-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/277-1/"
        },
        {
          "name": "GLSA-200605-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
        },
        {
          "name": "20667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20667"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
        },
        {
          "name": "libtiff-tifjpeg-doublefree-memory-corruption(26135)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26135"
        },
        {
          "name": "19936",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19936"
        },
        {
          "name": "19964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19964"
        },
        {
          "name": "201332",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
        },
        {
          "name": "2006-0024",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0024"
        },
        {
          "name": "20345",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20345"
        },
        {
          "name": "DSA-1054",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1054"
        },
        {
          "name": "20060501-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
        },
        {
          "name": "oval:org.mitre.oval:def:11389",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11389"
        },
        {
          "name": "RHSA-2006:0425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
        },
        {
          "name": "19838",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19838"
        },
        {
          "name": "20021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20021"
        },
        {
          "name": "MDKSA-2006:082",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
        },
        {
          "name": "19897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19897"
        },
        {
          "name": "20023",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20023"
        },
        {
          "name": "SUSE-SR:2006:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
        },
        {
          "name": "17733",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17733"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to \"setfield/getfield methods in cleanup functions.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-1563",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1563"
            },
            {
              "name": "20210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20210"
            },
            {
              "name": "19949",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19949"
            },
            {
              "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
            },
            {
              "name": "103099",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
            },
            {
              "name": "USN-277-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/277-1/"
            },
            {
              "name": "GLSA-200605-17",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
            },
            {
              "name": "20667",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20667"
            },
            {
              "name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102",
              "refsource": "MISC",
              "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
            },
            {
              "name": "libtiff-tifjpeg-doublefree-memory-corruption(26135)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26135"
            },
            {
              "name": "19936",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19936"
            },
            {
              "name": "19964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19964"
            },
            {
              "name": "201332",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
            },
            {
              "name": "2006-0024",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2006/0024"
            },
            {
              "name": "20345",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20345"
            },
            {
              "name": "DSA-1054",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1054"
            },
            {
              "name": "20060501-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:11389",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11389"
            },
            {
              "name": "RHSA-2006:0425",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
            },
            {
              "name": "19838",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19838"
            },
            {
              "name": "20021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20021"
            },
            {
              "name": "MDKSA-2006:082",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
            },
            {
              "name": "19897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19897"
            },
            {
              "name": "20023",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20023"
            },
            {
              "name": "SUSE-SR:2006:009",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
            },
            {
              "name": "17733",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17733"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2026",
    "datePublished": "2006-04-25T23:00:00",
    "dateReserved": "2006-04-25T00:00:00",
    "dateUpdated": "2024-08-07T17:35:31.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8130
Vulnerability from cvelistv5
Published
2018-03-12 02:00
Modified
2024-08-06 13:10
Severity ?
Summary
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.880Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204941"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "name": "72353",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72353"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "1032760",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032760"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt"
          },
          {
            "name": "APPLE-SA-2015-06-30-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2483"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-12T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT204941"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "name": "72353",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72353"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "1032760",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032760"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt"
        },
        {
          "name": "APPLE-SA-2015-06-30-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2483"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8130",
    "datePublished": "2018-03-12T02:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3634
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.
References
http://www.openwall.com/lists/oss-security/2016/04/08/13mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/93335vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://bugzilla.maptools.org/show_bug.cgi?id=2547x_refsource_MISC
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.416Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160408 CVE-2016-3634 - libtiff illegel read",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/08/13"
          },
          {
            "name": "93335",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93335"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2547"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20160408 CVE-2016-3634 - libtiff illegel read",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/08/13"
        },
        {
          "name": "93335",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93335"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2547"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3634",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160408 CVE-2016-3634 - libtiff illegel read",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/08/13"
            },
            {
              "name": "93335",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93335"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2547",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2547"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3634",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-22T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.416Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2233
Vulnerability from cvelistv5
Published
2010-07-01 18:00
Modified
2024-08-07 02:25
Severity ?
Summary
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."
References
http://marc.info/?l=oss-security&m=127731610612908&w=2mailing-list, x_refsource_MLIST
http://securitytracker.com/id?1024150vdb-entry, x_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=607198x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/40422third-party-advisory, x_refsource_SECUNIA
http://bugzilla.maptools.org/show_bug.cgi?id=2207x_refsource_CONFIRM
http://www.remotesensing.org/libtiff/v3.9.4.htmlx_refsource_MISC
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=583081x_refsource_CONFIRM
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:25:07.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20100623 CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
          },
          {
            "name": "1024150",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024150"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607198"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "40422",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40422"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2207"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.remotesensing.org/libtiff/v3.9.4.html"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to \"downsampled OJPEG input.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-08T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20100623 CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
        },
        {
          "name": "1024150",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024150"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607198"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "40422",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40422"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2207"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.remotesensing.org/libtiff/v3.9.4.html"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2233",
    "datePublished": "2010-07-01T18:00:00",
    "dateReserved": "2010-06-09T00:00:00",
    "dateUpdated": "2024-08-07T02:25:07.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-10801
Vulnerability from cvelistv5
Published
2018-05-08 06:00
Modified
2024-09-16 18:23
Severity ?
Summary
TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:47.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2790"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-08T06:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2790"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10801",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2790",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2790"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10801",
    "datePublished": "2018-05-08T06:00:00Z",
    "dateReserved": "2018-05-08T00:00:00Z",
    "dateUpdated": "2024-09-16T18:23:57.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0804
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Summary
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/497"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json"
          },
          {
            "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
          },
          {
            "name": "DSA-5361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5361"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230324-0009/"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          },
          {
            "name": "FEDORA-2023-8daf1023c7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds write in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-01T05:06:14.054567",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/497"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json"
        },
        {
          "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
        },
        {
          "name": "DSA-5361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5361"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230324-0009/"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        },
        {
          "name": "FEDORA-2023-8daf1023c7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-0804",
    "datePublished": "2023-02-13T00:00:00",
    "dateReserved": "2023-02-12T00:00:00",
    "dateUpdated": "2024-08-02T05:24:34.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52356
Vulnerability from cvelistv5
Published
2024-01-25 20:03
Modified
2024-11-06 14:46
Summary
Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-52356"
          },
          {
            "name": "RHBZ#2251344",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251344"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/622"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214119"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214122"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214117"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214118"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214116"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214120"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214124"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/19"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.com/libtiff/libtiff",
          "defaultStatus": "unaffected",
          "packageName": "libtiff",
          "versions": [
            {
              "lessThan": "4.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.9-32.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-11-03T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T14:46:00.575Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:5079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:5079"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-52356"
        },
        {
          "name": "RHBZ#2251344",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251344"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/622"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-24T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-11-03T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libtiff: segment fault in libtiff  in tiffreadrgbatileext() leading to denial of service",
      "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-52356",
    "datePublished": "2024-01-25T20:03:40.971Z",
    "dateReserved": "2024-01-24T14:08:49.010Z",
    "dateUpdated": "2024-11-06T14:46:00.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0561
Vulnerability from cvelistv5
Published
2022-02-11 00:00
Modified
2024-08-02 23:32
Summary
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/362"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json"
          },
          {
            "name": "FEDORA-2022-df1df6debd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/"
          },
          {
            "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2932-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220318-0001/"
          },
          {
            "name": "DSA-5108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5108"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=3.9.0, \u003c=4.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "shahchintanh@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect calculation of buffer size in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/362"
        },
        {
          "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json"
        },
        {
          "name": "FEDORA-2022-df1df6debd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/"
        },
        {
          "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2932-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220318-0001/"
        },
        {
          "name": "DSA-5108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5108"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-0561",
    "datePublished": "2022-02-11T00:00:00",
    "dateReserved": "2022-02-10T00:00:00",
    "dateUpdated": "2024-08-02T23:32:46.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2056
Vulnerability from cvelistv5
Published
2022-06-30 00:00
Modified
2024-08-03 00:24
Summary
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/415"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json"
          },
          {
            "name": "FEDORA-2022-edf7301147",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/"
          },
          {
            "name": "FEDORA-2022-b9c2a3a2b7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220826-0001/"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Divide by zero in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/415"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json"
        },
        {
          "name": "FEDORA-2022-edf7301147",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/"
        },
        {
          "name": "FEDORA-2022-b9c2a3a2b7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220826-0001/"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-2056",
    "datePublished": "2022-06-30T00:00:00",
    "dateReserved": "2022-06-13T00:00:00",
    "dateUpdated": "2024-08-03T00:24:44.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7006
Vulnerability from cvelistv5
Published
2024-08-08 20:49
Modified
2024-11-06 09:08
Summary
Libtiff: null pointer dereference in tif_dirinfo.c
References
https://access.redhat.com/errata/RHSA-2024:6360vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8833vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8914vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7006vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2302996issue-tracking, x_refsource_REDHAT
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T15:35:30.347219Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T15:35:41.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-20T16:03:14.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240920-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.9-33.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.4.0-12.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream",
            "cpe:/a:redhat:rhel_eus:9.2::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.4.0-8.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Xu Chang (N/A) for reporting this issue."
        }
      ],
      "datePublic": "2024-07-19T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T09:08:53.627Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6360",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6360"
        },
        {
          "name": "RHSA-2024:8833",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8833"
        },
        {
          "name": "RHSA-2024:8914",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8914"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7006"
        },
        {
          "name": "RHBZ#2302996",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302996"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-05T22:40:16.777000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-07-19T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libtiff: null pointer dereference in tif_dirinfo.c",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7006",
    "datePublished": "2024-08-08T20:49:45.373Z",
    "dateReserved": "2024-07-23T00:57:17.777Z",
    "dateUpdated": "2024-11-06T09:08:53.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0796
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/499"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json"
          },
          {
            "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
          },
          {
            "name": "DSA-5361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5361"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0003/"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/499"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json"
        },
        {
          "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
        },
        {
          "name": "DSA-5361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5361"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0003/"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-0796",
    "datePublished": "2023-02-13T00:00:00",
    "dateReserved": "2023-02-12T00:00:00",
    "dateUpdated": "2024-08-02T05:24:34.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2443
Vulnerability from cvelistv5
Published
2010-06-24 17:00
Modified
2024-08-07 02:32
Severity ?
Summary
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:32:16.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.remotesensing.org/libtiff/v3.9.3.html"
          },
          {
            "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127736307002102\u0026w=2"
          },
          {
            "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127781315415896\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "ADV-2011-0204",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-08T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.remotesensing.org/libtiff/v3.9.3.html"
        },
        {
          "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127736307002102\u0026w=2"
        },
        {
          "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127781315415896\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "ADV-2011-0204",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2443",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.remotesensing.org/libtiff/v3.9.3.html",
              "refsource": "CONFIRM",
              "url": "http://www.remotesensing.org/libtiff/v3.9.3.html"
            },
            {
              "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127736307002102\u0026w=2"
            },
            {
              "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127781315415896\u0026w=2"
            },
            {
              "name": "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010",
              "refsource": "CONFIRM",
              "url": "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010"
            },
            {
              "name": "GLSA-201209-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
            },
            {
              "name": "ADV-2011-0204",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0204"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145"
            },
            {
              "name": "50726",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50726"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2443",
    "datePublished": "2010-06-24T17:00:00",
    "dateReserved": "2010-06-24T00:00:00",
    "dateUpdated": "2024-08-07T02:32:16.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7593
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
References
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/97502vdb-entry, x_refsource_BID
http://bugzilla.maptools.org/show_bug.cgi?id=2651x_refsource_MISC
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "97502",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97502"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2651"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "97502",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97502"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2651"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7593",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "97502",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97502"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2651",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2651"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7593",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5652
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-06 01:07
Severity ?
Summary
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.
References
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0225.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
http://www.talosintelligence.com/reports/TALOS-2016-0187/x_refsource_MISC
http://www.securityfocus.com/bid/93902vdb-entry, x_refsource_BID
Impacted products
LibTiffLibTiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:59.890Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "RHSA-2017:0225",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0187/"
          },
          {
            "name": "93902",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93902"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LibTiff",
          "vendor": "LibTiff",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.6"
            }
          ]
        }
      ],
      "datePublic": "2016-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF\u0027s TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "heap buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "RHSA-2017:0225",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.talosintelligence.com/reports/TALOS-2016-0187/"
        },
        {
          "name": "93902",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93902"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5652",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LibTiff",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "LibTiff"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF\u0027s TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "heap buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "RHSA-2017:0225",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0187/",
              "refsource": "MISC",
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0187/"
            },
            {
              "name": "93902",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93902"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5652",
    "datePublished": "2017-01-06T21:00:00",
    "dateReserved": "2016-06-16T00:00:00",
    "dateUpdated": "2024-08-06T01:07:59.890Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-2908
Vulnerability from cvelistv5
Published
2023-06-30 00:00
Modified
2024-10-28 13:04
Summary
Libtiff: null pointer dereference in tif_dir.c
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:03.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-2908"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230731-0004/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2908",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T13:04:03.459315Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T13:04:20.389Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "unaffected",
              "version": "4.5.1rc1"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "tkimg",
          "product": "Fedora",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "iv",
          "product": "Fedora",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Fedora",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "mingw-libtiff",
          "product": "Fedora",
          "vendor": "Fedora"
        }
      ],
      "datePublic": "2023-06-30T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A null pointer dereference issue was found in Libtiff\u0027s tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T01:44:14.895Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-2908"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230731-0004/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-05-26T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-06-30T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libtiff: null pointer dereference in tif_dir.c",
      "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-2908",
    "datePublished": "2023-06-30T00:00:00",
    "dateReserved": "2023-05-26T00:00:00",
    "dateUpdated": "2024-10-28T13:04:20.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-30775
Vulnerability from cvelistv5
Published
2023-05-19 00:00
Modified
2024-08-02 14:37
Severity ?
Summary
A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/464"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-30775"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230703-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-03T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/464"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-30775"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230703-0002/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-30775",
    "datePublished": "2023-05-19T00:00:00",
    "dateReserved": "2023-04-17T00:00:00",
    "dateUpdated": "2024-08-02T14:37:15.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9297
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:42
Severity ?
Summary
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.
References
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2016/11/12/2mailing-list, x_refsource_MLIST
http://bugzilla.maptools.org/show_bug.cgi?id=2590x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/11/14/7mailing-list, x_refsource_MLIST
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/94419vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:11.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "[oss-security] 20161111 CVE Request: libtiff: read outside buffer in _TIFFPrintField()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/12/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2590"
          },
          {
            "name": "[oss-security] 20161114 Re: CVE Request: libtiff: read outside buffer in _TIFFPrintField()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/14/7"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "name": "94419",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94419"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "[oss-security] 20161111 CVE Request: libtiff: read outside buffer in _TIFFPrintField()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/12/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2590"
        },
        {
          "name": "[oss-security] 20161114 Re: CVE Request: libtiff: read outside buffer in _TIFFPrintField()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/14/7"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "name": "94419",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94419"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9297",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "[oss-security] 20161111 CVE Request: libtiff: read outside buffer in _TIFFPrintField()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/12/2"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2590",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2590"
            },
            {
              "name": "[oss-security] 20161114 Re: CVE Request: libtiff: read outside buffer in _TIFFPrintField()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/14/7"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "94419",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94419"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9297",
    "datePublished": "2017-01-18T17:00:00",
    "dateReserved": "2016-11-14T00:00:00",
    "dateUpdated": "2024-08-06T02:42:11.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5322
Vulnerability from cvelistv5
Published
2017-04-11 18:00
Modified
2024-08-06 01:01
Severity ?
Summary
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
References
http://www.securityfocus.com/bid/91204vdb-entry, x_refsource_BID
http://www.securityfocus.com/bid/91205vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2016/06/15/2mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=1346694x_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:01:00.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "91204",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91204"
          },
          {
            "name": "91205",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91205"
          },
          {
            "name": "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/15/2"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346694"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-12T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "91204",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91204"
        },
        {
          "name": "91205",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91205"
        },
        {
          "name": "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/15/2"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346694"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5322",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "91204",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91204"
            },
            {
              "name": "91205",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91205"
            },
            {
              "name": "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/15/2"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346694",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346694"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5322",
    "datePublished": "2017-04-11T18:00:00",
    "dateReserved": "2016-06-06T00:00:00",
    "dateUpdated": "2024-08-06T01:01:00.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-10779
Vulnerability from cvelistv5
Published
2018-05-07 07:00
Modified
2024-08-05 07:46
Severity ?
Summary
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
References
http://www.securityfocus.com/bid/104089vdb-entry, x_refsource_BID
http://bugzilla.maptools.org/show_bug.cgi?id=2788x_refsource_MISC
https://usn.ubuntu.com/3906-1/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/3906-2/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2019:2053vendor-advisory, x_refsource_REDHAT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:46.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104089",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104089"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2788"
          },
          {
            "name": "USN-3906-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-1/"
          },
          {
            "name": "USN-3906-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-2/"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-06T16:06:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "104089",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104089"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2788"
        },
        {
          "name": "USN-3906-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-1/"
        },
        {
          "name": "USN-3906-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-2/"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104089",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104089"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2788",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2788"
            },
            {
              "name": "USN-3906-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-1/"
            },
            {
              "name": "USN-3906-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-2/"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10779",
    "datePublished": "2018-05-07T07:00:00",
    "dateReserved": "2018-05-07T00:00:00",
    "dateUpdated": "2024-08-05T07:46:46.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25434
Vulnerability from cvelistv5
Published
2023-06-14 00:00
Modified
2024-08-02 11:18
Severity ?
Summary
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:18:36.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/519"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-14T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/519"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-25434",
    "datePublished": "2023-06-14T00:00:00",
    "dateReserved": "2023-02-06T00:00:00",
    "dateUpdated": "2024-08-02T11:18:36.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7313
Vulnerability from cvelistv5
Published
2017-03-17 14:00
Modified
2024-08-06 07:43
Severity ?
Summary
LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.
References
http://www.securityfocus.com/bid/76843vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://seclists.org/oss-sec/2015/q3/601mailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1265998x_refsource_CONFIRM
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:46.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "76843",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76843"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "[oss-security] 20150921 DoS in libtiff",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2015/q3/601"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265998"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "76843",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76843"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "[oss-security] 20150921 DoS in libtiff",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2015/q3/601"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265998"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7313",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "76843",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76843"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "[oss-security] 20150921 DoS in libtiff",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2015/q3/601"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1265998",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265998"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7313",
    "datePublished": "2017-03-17T14:00:00",
    "dateReserved": "2015-09-22T00:00:00",
    "dateUpdated": "2024-08-06T07:43:46.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5316
Vulnerability from cvelistv5
Published
2017-01-20 15:00
Modified
2024-08-06 01:00
Severity ?
Summary
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:58.066Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "91203",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91203"
          },
          {
            "name": "openSUSE-SU-2016:2321",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "openSUSE-SU-2016:1889",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"
          },
          {
            "name": "openSUSE-SU-2016:2375",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"
          },
          {
            "name": "[oss-security] 20160615 CVE-2016-5316: libtiff 4.0.6  tif_pixarlog.c:  PixarLogCleanup() Segmentation fault",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/15/3"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "91203",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91203"
        },
        {
          "name": "openSUSE-SU-2016:2321",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "openSUSE-SU-2016:1889",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"
        },
        {
          "name": "openSUSE-SU-2016:2375",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"
        },
        {
          "name": "[oss-security] 20160615 CVE-2016-5316: libtiff 4.0.6  tif_pixarlog.c:  PixarLogCleanup() Segmentation fault",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/15/3"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "91203",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91203"
            },
            {
              "name": "openSUSE-SU-2016:2321",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "openSUSE-SU-2016:1889",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"
            },
            {
              "name": "openSUSE-SU-2016:2375",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"
            },
            {
              "name": "[oss-security] 20160615 CVE-2016-5316: libtiff 4.0.6  tif_pixarlog.c:  PixarLogCleanup() Segmentation fault",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/15/3"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5316",
    "datePublished": "2017-01-20T15:00:00",
    "dateReserved": "2016-06-06T00:00:00",
    "dateUpdated": "2024-08-06T01:00:58.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-17546
Vulnerability from cvelistv5
Published
2019-10-14 01:07
Modified
2024-08-05 01:40
Severity ?
Summary
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443"
          },
          {
            "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
          },
          {
            "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/32"
          },
          {
            "name": "DSA-4608",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4608"
          },
          {
            "name": "FEDORA-2020-2e9bd06377",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/"
          },
          {
            "name": "FEDORA-2020-6f1209bb45",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/"
          },
          {
            "name": "GLSA-202003-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-25"
          },
          {
            "name": "[debian-lts-announce] 20200318 [SECURITY] [DLA 2147-1] gdal security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html"
          },
          {
            "name": "DSA-4670",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4670"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a \"Negative-size-param\" condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-30T12:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443"
        },
        {
          "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
        },
        {
          "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/32"
        },
        {
          "name": "DSA-4608",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4608"
        },
        {
          "name": "FEDORA-2020-2e9bd06377",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/"
        },
        {
          "name": "FEDORA-2020-6f1209bb45",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/"
        },
        {
          "name": "GLSA-202003-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-25"
        },
        {
          "name": "[debian-lts-announce] 20200318 [SECURITY] [DLA 2147-1] gdal security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html"
        },
        {
          "name": "DSA-4670",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4670"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a \"Negative-size-param\" condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf",
              "refsource": "MISC",
              "url": "https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145",
              "refsource": "MISC",
              "url": "https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145"
            },
            {
              "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443"
            },
            {
              "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
            },
            {
              "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/32"
            },
            {
              "name": "DSA-4608",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4608"
            },
            {
              "name": "FEDORA-2020-2e9bd06377",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5ZW7E3IEW7LT2BPJP7D3RN6OUOE3MX/"
            },
            {
              "name": "FEDORA-2020-6f1209bb45",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/"
            },
            {
              "name": "GLSA-202003-25",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-25"
            },
            {
              "name": "[debian-lts-announce] 20200318 [SECURITY] [DLA 2147-1] gdal security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00020.html"
            },
            {
              "name": "DSA-4670",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4670"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17546",
    "datePublished": "2019-10-14T01:07:02",
    "dateReserved": "2019-10-14T00:00:00",
    "dateUpdated": "2024-08-05T01:40:15.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52355
Vulnerability from cvelistv5
Published
2024-01-25 20:03
Modified
2024-11-06 14:45
Summary
Libtiff: tiffrasterscanlinesize64 produce too-big size and could cause oom
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-52355"
          },
          {
            "name": "RHBZ#2251326",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251326"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/621"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.com/libtiff/libtiff",
          "defaultStatus": "unaffected",
          "packageName": "libtiff",
          "versions": [
            {
              "lessThan": "4.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-11-03T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T14:45:58.250Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-52355"
        },
        {
          "name": "RHBZ#2251326",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251326"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/621"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-24T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-11-03T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libtiff: tiffrasterscanlinesize64 produce too-big size and could cause oom",
      "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-52355",
    "datePublished": "2024-01-25T20:03:35.031Z",
    "dateReserved": "2024-01-24T14:08:49.010Z",
    "dateUpdated": "2024-11-06T14:45:58.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9534
Vulnerability from cvelistv5
Published
2016-11-22 19:00
Modified
2024-08-06 02:50
Severity ?
Summary
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94743",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba"
          },
          {
            "name": "RHSA-2017:0225",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
          },
          {
            "name": "94484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94484"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn\u0027t reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka \"TIFFFlushData1 heap-buffer-overflow.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94743",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba"
        },
        {
          "name": "RHSA-2017:0225",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
        },
        {
          "name": "94484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94484"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9534",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn\u0027t reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka \"TIFFFlushData1 heap-buffer-overflow.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94743",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94743"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba"
            },
            {
              "name": "RHSA-2017:0225",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
            },
            {
              "name": "94484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94484"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9534",
    "datePublished": "2016-11-22T19:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9540
Vulnerability from cvelistv5
Published
2016-11-22 19:00
Modified
2024-08-06 02:50
Severity ?
Summary
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.381Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3"
          },
          {
            "name": "94747",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94747"
          },
          {
            "name": "RHSA-2017:0225",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
          },
          {
            "name": "94484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94484"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka \"cpStripToTile heap-buffer-overflow.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3"
        },
        {
          "name": "94747",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94747"
        },
        {
          "name": "RHSA-2017:0225",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
        },
        {
          "name": "94484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94484"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka \"cpStripToTile heap-buffer-overflow.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3"
            },
            {
              "name": "94747",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94747"
            },
            {
              "name": "RHSA-2017:0225",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
            },
            {
              "name": "94484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94484"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9540",
    "datePublished": "2016-11-22T19:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-2327
Vulnerability from cvelistv5
Published
2008-08-27 20:00
Modified
2024-08-07 08:58
Severity ?
Summary
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
References
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/31670third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:184vendor-advisory, x_refsource_MANDRIVA
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.htmlvendor-advisory, x_refsource_APPLE
http://www.securityfocus.com/archive/1/496033/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/31838third-party-advisory, x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=234080x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/31982third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31698third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2008/2971vdb-entry, x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlthird-party-advisory, x_refsource_CERT
http://www.vupen.com/english/advisories/2008/2776vdb-entry, x_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-2008-0017.htmlx_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2008-0863.htmlvendor-advisory, x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/31623third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2584vdb-entry, x_refsource_VUPEN
http://security-tracker.debian.net/tracker/CVE-2008-2327x_refsource_CONFIRM
http://www.securitytracker.com/id?1020750vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/497962/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/3107vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31610third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/30832vdb-entry, x_refsource_BID
http://security-tracker.debian.net/tracker/DTSA-160-1x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489vdb-entry, signature, x_refsource_OVAL
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.htmlvendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2008/3232vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31882third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0848.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/31668third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2143vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/32706third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514vdb-entry, signature, x_refsource_OVAL
http://www.debian.org/security/2008/dsa-1632vendor-advisory, x_refsource_DEBIAN
http://support.apple.com/kb/HT3318x_refsource_CONFIRM
http://security-tracker.debian.net/tracker/DSA-1632-1x_refsource_CONFIRM
http://support.apple.com/kb/HT3298x_refsource_CONFIRM
http://www.ubuntu.com/usn/usn-639-1vendor-advisory, x_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2008-0847.htmlvendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT3276x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/2438vdb-entry, x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=458674x_refsource_CONFIRM
http://secunia.com/advisories/32756third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200809-07.xmlvendor-advisory, x_refsource_GENTOO
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.htmlvendor-advisory, x_refsource_FEDORA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:58:01.844Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "265030",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1"
          },
          {
            "name": "31670",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31670"
          },
          {
            "name": "MDVSA-2008:184",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:184"
          },
          {
            "name": "APPLE-SA-2008-11-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
          },
          {
            "name": "20080905 rPSA-2008-0268-1 libtiff",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496033/100/0/threaded"
          },
          {
            "name": "31838",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31838"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=234080"
          },
          {
            "name": "APPLE-SA-2008-09-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
          },
          {
            "name": "31982",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31982"
          },
          {
            "name": "31698",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31698"
          },
          {
            "name": "FEDORA-2008-7388",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html"
          },
          {
            "name": "ADV-2008-2971",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2971"
          },
          {
            "name": "TA08-260A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
          },
          {
            "name": "ADV-2008-2776",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2776"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
          },
          {
            "name": "RHSA-2008:0863",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0863.html"
          },
          {
            "name": "APPLE-SA-2008-11-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
          },
          {
            "name": "31623",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31623"
          },
          {
            "name": "ADV-2008-2584",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2584"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security-tracker.debian.net/tracker/CVE-2008-2327"
          },
          {
            "name": "1020750",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020750"
          },
          {
            "name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
          },
          {
            "name": "ADV-2008-3107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3107"
          },
          {
            "name": "31610",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31610"
          },
          {
            "name": "30832",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30832"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security-tracker.debian.net/tracker/DTSA-160-1"
          },
          {
            "name": "oval:org.mitre.oval:def:11489",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489"
          },
          {
            "name": "SUSE-SR:2008:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
          },
          {
            "name": "ADV-2008-3232",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3232"
          },
          {
            "name": "31882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31882"
          },
          {
            "name": "RHSA-2008:0848",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0848.html"
          },
          {
            "name": "31668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31668"
          },
          {
            "name": "ADV-2009-2143",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2143"
          },
          {
            "name": "32706",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32706"
          },
          {
            "name": "oval:org.mitre.oval:def:5514",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514"
          },
          {
            "name": "DSA-1632",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1632"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3318"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security-tracker.debian.net/tracker/DSA-1632-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3298"
          },
          {
            "name": "USN-639-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-639-1"
          },
          {
            "name": "RHSA-2008:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0847.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3276"
          },
          {
            "name": "ADV-2008-2438",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2438"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458674"
          },
          {
            "name": "32756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32756"
          },
          {
            "name": "GLSA-200809-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200809-07.xml"
          },
          {
            "name": "FEDORA-2008-7370",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "265030",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1"
        },
        {
          "name": "31670",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31670"
        },
        {
          "name": "MDVSA-2008:184",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:184"
        },
        {
          "name": "APPLE-SA-2008-11-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
        },
        {
          "name": "20080905 rPSA-2008-0268-1 libtiff",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496033/100/0/threaded"
        },
        {
          "name": "31838",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31838"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=234080"
        },
        {
          "name": "APPLE-SA-2008-09-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
        },
        {
          "name": "31982",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31982"
        },
        {
          "name": "31698",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31698"
        },
        {
          "name": "FEDORA-2008-7388",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html"
        },
        {
          "name": "ADV-2008-2971",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2971"
        },
        {
          "name": "TA08-260A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
        },
        {
          "name": "ADV-2008-2776",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2776"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
        },
        {
          "name": "RHSA-2008:0863",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0863.html"
        },
        {
          "name": "APPLE-SA-2008-11-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
        },
        {
          "name": "31623",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31623"
        },
        {
          "name": "ADV-2008-2584",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2584"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security-tracker.debian.net/tracker/CVE-2008-2327"
        },
        {
          "name": "1020750",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020750"
        },
        {
          "name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
        },
        {
          "name": "ADV-2008-3107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3107"
        },
        {
          "name": "31610",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31610"
        },
        {
          "name": "30832",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30832"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security-tracker.debian.net/tracker/DTSA-160-1"
        },
        {
          "name": "oval:org.mitre.oval:def:11489",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489"
        },
        {
          "name": "SUSE-SR:2008:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
        },
        {
          "name": "ADV-2008-3232",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3232"
        },
        {
          "name": "31882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31882"
        },
        {
          "name": "RHSA-2008:0848",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0848.html"
        },
        {
          "name": "31668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31668"
        },
        {
          "name": "ADV-2009-2143",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2143"
        },
        {
          "name": "32706",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32706"
        },
        {
          "name": "oval:org.mitre.oval:def:5514",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514"
        },
        {
          "name": "DSA-1632",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1632"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3318"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security-tracker.debian.net/tracker/DSA-1632-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3298"
        },
        {
          "name": "USN-639-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-639-1"
        },
        {
          "name": "RHSA-2008:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0847.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3276"
        },
        {
          "name": "ADV-2008-2438",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2438"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458674"
        },
        {
          "name": "32756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32756"
        },
        {
          "name": "GLSA-200809-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200809-07.xml"
        },
        {
          "name": "FEDORA-2008-7370",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "265030",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1"
            },
            {
              "name": "31670",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31670"
            },
            {
              "name": "MDVSA-2008:184",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:184"
            },
            {
              "name": "APPLE-SA-2008-11-13",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
            },
            {
              "name": "20080905 rPSA-2008-0268-1 libtiff",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/496033/100/0/threaded"
            },
            {
              "name": "31838",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31838"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=234080",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=234080"
            },
            {
              "name": "APPLE-SA-2008-09-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
            },
            {
              "name": "31982",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31982"
            },
            {
              "name": "31698",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31698"
            },
            {
              "name": "FEDORA-2008-7388",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html"
            },
            {
              "name": "ADV-2008-2971",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2971"
            },
            {
              "name": "TA08-260A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
            },
            {
              "name": "ADV-2008-2776",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2776"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
              "refsource": "MISC",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
            },
            {
              "name": "RHSA-2008:0863",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0863.html"
            },
            {
              "name": "APPLE-SA-2008-11-20",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
            },
            {
              "name": "31623",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31623"
            },
            {
              "name": "ADV-2008-2584",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2584"
            },
            {
              "name": "http://security-tracker.debian.net/tracker/CVE-2008-2327",
              "refsource": "CONFIRM",
              "url": "http://security-tracker.debian.net/tracker/CVE-2008-2327"
            },
            {
              "name": "1020750",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020750"
            },
            {
              "name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
            },
            {
              "name": "ADV-2008-3107",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3107"
            },
            {
              "name": "31610",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31610"
            },
            {
              "name": "30832",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30832"
            },
            {
              "name": "http://security-tracker.debian.net/tracker/DTSA-160-1",
              "refsource": "CONFIRM",
              "url": "http://security-tracker.debian.net/tracker/DTSA-160-1"
            },
            {
              "name": "oval:org.mitre.oval:def:11489",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489"
            },
            {
              "name": "SUSE-SR:2008:018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
            },
            {
              "name": "ADV-2008-3232",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3232"
            },
            {
              "name": "31882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31882"
            },
            {
              "name": "RHSA-2008:0848",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0848.html"
            },
            {
              "name": "31668",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31668"
            },
            {
              "name": "ADV-2009-2143",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2143"
            },
            {
              "name": "32706",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32706"
            },
            {
              "name": "oval:org.mitre.oval:def:5514",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514"
            },
            {
              "name": "DSA-1632",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1632"
            },
            {
              "name": "http://support.apple.com/kb/HT3318",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3318"
            },
            {
              "name": "http://security-tracker.debian.net/tracker/DSA-1632-1",
              "refsource": "CONFIRM",
              "url": "http://security-tracker.debian.net/tracker/DSA-1632-1"
            },
            {
              "name": "http://support.apple.com/kb/HT3298",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3298"
            },
            {
              "name": "USN-639-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-639-1"
            },
            {
              "name": "RHSA-2008:0847",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0847.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3276",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3276"
            },
            {
              "name": "ADV-2008-2438",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2438"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=458674",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458674"
            },
            {
              "name": "32756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32756"
            },
            {
              "name": "GLSA-200809-07",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200809-07.xml"
            },
            {
              "name": "FEDORA-2008-7370",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2327",
    "datePublished": "2008-08-27T20:00:00",
    "dateReserved": "2008-05-18T00:00:00",
    "dateUpdated": "2024-08-07T08:58:01.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0924
Vulnerability from cvelistv5
Published
2022-03-11 00:00
Modified
2024-08-02 23:47
Summary
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/278"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json"
          },
          {
            "name": "DSA-5108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5108"
          },
          {
            "name": "FEDORA-2022-e2996202a0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
          },
          {
            "name": "FEDORA-2022-c39720a0ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220506-0002/"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "=4.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/278"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/311"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json"
        },
        {
          "name": "DSA-5108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5108"
        },
        {
          "name": "FEDORA-2022-e2996202a0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
        },
        {
          "name": "FEDORA-2022-c39720a0ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220506-0002/"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-0924",
    "datePublished": "2022-03-11T00:00:00",
    "dateReserved": "2022-03-10T00:00:00",
    "dateUpdated": "2024-08-02T23:47:42.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22844
Vulnerability from cvelistv5
Published
2022-01-08 00:00
Modified
2024-08-03 03:28
Severity ?
Summary
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.461Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/355"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287"
          },
          {
            "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2932-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220311-0002/"
          },
          {
            "name": "DSA-5108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5108"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/355"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/287"
        },
        {
          "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2932-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220311-0002/"
        },
        {
          "name": "DSA-5108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5108"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-22844",
    "datePublished": "2022-01-08T00:00:00",
    "dateReserved": "2022-01-08T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3599
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Summary
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:02.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/398"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230110-0001/"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/398"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230110-0001/"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-3599",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-19T00:00:00",
    "dateUpdated": "2024-08-03T01:14:02.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3618
Vulnerability from cvelistv5
Published
2023-07-12 14:06
Modified
2024-09-26 19:26
Summary
Segmentation fault in fax3encode in libtiff/tif_fax3.c
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:56.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-3618"
          },
          {
            "name": "RHBZ#2215865",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230824-0012/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214038"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214036"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214037"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3618",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:26:00.978317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T19:26:31.776Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "libtiff",
          "vendor": "n/a"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "iv",
          "product": "Fedora",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Fedora",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "mingw-libtiff",
          "product": "Fedora",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "unaffected",
          "packageName": "tkimg",
          "product": "Fedora",
          "vendor": "Fedora"
        }
      ],
      "datePublic": "2023-02-13T00:00:00Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-15T00:27:54.327174Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-3618"
        },
        {
          "name": "RHBZ#2215865",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230824-0012/"
        },
        {
          "url": "https://support.apple.com/kb/HT214038"
        },
        {
          "url": "https://support.apple.com/kb/HT214036"
        },
        {
          "url": "https://support.apple.com/kb/HT214037"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-06-19T00:00:00Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-02-13T00:00:00Z",
          "value": "Made public."
        }
      ],
      "title": "Segmentation fault in fax3encode in libtiff/tif_fax3.c",
      "x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-3618",
    "datePublished": "2023-07-12T14:06:04.572Z",
    "dateReserved": "2023-07-11T14:46:05.545Z",
    "dateUpdated": "2024-09-26T19:26:31.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10093
Vulnerability from cvelistv5
Published
2017-03-01 15:00
Modified
2024-08-06 03:07
Severity ?
Summary
Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:32.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2610"
          },
          {
            "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec"
          },
          {
            "name": "95215",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95215"
          },
          {
            "name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10093"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T18:26:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2610"
        },
        {
          "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec"
        },
        {
          "name": "95215",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95215"
        },
        {
          "name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10093"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10093",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2610",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2610"
            },
            {
              "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec"
            },
            {
              "name": "95215",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95215"
            },
            {
              "name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10093",
              "refsource": "MISC",
              "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10093"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10093",
    "datePublished": "2017-03-01T15:00:00",
    "dateReserved": "2017-01-01T00:00:00",
    "dateUpdated": "2024-08-06T03:07:32.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10371
Vulnerability from cvelistv5
Published
2017-05-10 05:14
Modified
2024-08-06 03:21
Severity ?
Summary
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
References
http://bugzilla.maptools.org/show_bug.cgi?id=2612x_refsource_CONFIRM
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2535x_refsource_CONFIRM
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:21:51.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2612"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2535"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2612"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2535"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10371",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2612",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2612"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2535",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2535"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10371",
    "datePublished": "2017-05-10T05:14:00",
    "dateReserved": "2017-05-09T00:00:00",
    "dateUpdated": "2024-08-06T03:21:51.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-40090
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 14:40
Severity ?
Summary
An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:14:39.758Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/455"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/386"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40090",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T14:40:16.007774Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T14:40:47.985Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-22T15:44:48.778000",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/455"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/386"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-40090",
    "datePublished": "2023-08-22T00:00:00",
    "dateReserved": "2022-09-06T00:00:00",
    "dateUpdated": "2024-10-03T14:40:47.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-18013
Vulnerability from cvelistv5
Published
2018-01-01 08:00
Modified
2024-08-05 21:06
Severity ?
Summary
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:06:49.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1259-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html"
          },
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1260-1] tiff3 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "102345",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102345"
          },
          {
            "name": "DSA-4100",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4100"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1259-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html"
        },
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1260-1] tiff3 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "102345",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102345"
        },
        {
          "name": "DSA-4100",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4100"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18013",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1259-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00033.html"
            },
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "[debian-lts-announce] 20180127 [SECURITY] [DLA 1260-1] tiff3 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00034.html"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "102345",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102345"
            },
            {
              "name": "DSA-4100",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4100"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2770",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2770"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18013",
    "datePublished": "2018-01-01T08:00:00",
    "dateReserved": "2018-01-01T00:00:00",
    "dateUpdated": "2024-08-05T21:06:49.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2482
Vulnerability from cvelistv5
Published
2010-07-06 14:00
Modified
2024-08-07 02:32
Severity ?
Summary
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:32:16.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127736307002102\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/bugs/597246"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608010"
          },
          {
            "name": "DSA-2552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2552"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603024"
          },
          {
            "name": "40422",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40422"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=1996"
          },
          {
            "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127738540902757\u0026w=2"
          },
          {
            "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127797353202873\u0026w=2"
          },
          {
            "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-13T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127736307002102\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/bugs/597246"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=608010"
        },
        {
          "name": "DSA-2552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2552"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=603024"
        },
        {
          "name": "40422",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40422"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=1996"
        },
        {
          "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127738540902757\u0026w=2"
        },
        {
          "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127797353202873\u0026w=2"
        },
        {
          "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2482",
    "datePublished": "2010-07-06T14:00:00",
    "dateReserved": "2010-06-28T00:00:00",
    "dateUpdated": "2024-08-07T02:32:16.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4243
Vulnerability from cvelistv5
Published
2013-09-10 19:00
Modified
2024-08-06 16:38
Severity ?
Summary
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.
References
http://bugzilla.maptools.org/show_bug.cgi?id=2451x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=996052x_refsource_CONFIRM
http://www.securityfocus.com/bid/62082vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2014-0223.htmlvendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2013/dsa-2744vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/54543third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/54628third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2451"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996052"
          },
          {
            "name": "62082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62082"
          },
          {
            "name": "RHSA-2014:0223",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "DSA-2744",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2744"
          },
          {
            "name": "54543",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54543"
          },
          {
            "name": "54628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54628"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2451"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996052"
        },
        {
          "name": "62082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62082"
        },
        {
          "name": "RHSA-2014:0223",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "DSA-2744",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2744"
        },
        {
          "name": "54543",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54543"
        },
        {
          "name": "54628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54628"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4243",
    "datePublished": "2013-09-10T19:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2656
Vulnerability from cvelistv5
Published
2006-05-30 18:00
Modified
2024-08-07 17:58
Severity ?
Summary
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
References
https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00127.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/20520third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20766third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200607-03.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/20501third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1091vendor-advisory, x_refsource_DEBIAN
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.htmlvendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDKSA-2006:095vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/21002third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=vuln-dev&m=114857412916909&w=2mailing-list, x_refsource_VULN-DEV
https://usn.ubuntu.com/289-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:58:51.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2006-591",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00127.html"
          },
          {
            "name": "20520",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20520"
          },
          {
            "name": "20766",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20766"
          },
          {
            "name": "GLSA-200607-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200607-03.xml"
          },
          {
            "name": "20501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20501"
          },
          {
            "name": "DSA-1091",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1091"
          },
          {
            "name": "SUSE-SR:2006:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
          },
          {
            "name": "MDKSA-2006:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:095"
          },
          {
            "name": "21002",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21002"
          },
          {
            "name": "20060524 tiffsplit (libtiff \u003c= 3.8.2) bss \u0026 stack buffer overflow...",
            "tags": [
              "mailing-list",
              "x_refsource_VULN-DEV",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=vuln-dev\u0026m=114857412916909\u0026w=2"
          },
          {
            "name": "USN-289-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/289-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename.  NOTE: tiffsplit is not setuid.  If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2006-591",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00127.html"
        },
        {
          "name": "20520",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20520"
        },
        {
          "name": "20766",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20766"
        },
        {
          "name": "GLSA-200607-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200607-03.xml"
        },
        {
          "name": "20501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20501"
        },
        {
          "name": "DSA-1091",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1091"
        },
        {
          "name": "SUSE-SR:2006:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
        },
        {
          "name": "MDKSA-2006:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:095"
        },
        {
          "name": "21002",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21002"
        },
        {
          "name": "20060524 tiffsplit (libtiff \u003c= 3.8.2) bss \u0026 stack buffer overflow...",
          "tags": [
            "mailing-list",
            "x_refsource_VULN-DEV"
          ],
          "url": "http://marc.info/?l=vuln-dev\u0026m=114857412916909\u0026w=2"
        },
        {
          "name": "USN-289-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/289-1/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-2656",
    "datePublished": "2006-05-30T18:00:00",
    "dateReserved": "2006-05-30T00:00:00",
    "dateUpdated": "2024-08-07T17:58:51.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-8331
Vulnerability from cvelistv5
Published
2016-10-28 20:00
Modified
2024-08-06 02:20
Summary
An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.
References
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/93898vdb-entry, x_refsource_BID
http://www.talosintelligence.com/reports/TALOS-2016-0190/x_refsource_MISC
Impacted products
n/aLibTIFF 4.0.6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:20:30.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "93898",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93898"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0190/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LibTIFF 4.0.6",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "LibTIFF 4.0.6"
            }
          ]
        }
      ],
      "datePublic": "2016-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF\u0027s tag extension functionality."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "type confusion",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T19:16:19",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "93898",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93898"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.talosintelligence.com/reports/TALOS-2016-0190/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2016-8331",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LibTIFF 4.0.6",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "LibTIFF 4.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF\u0027s tag extension functionality."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.1,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "type confusion"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "93898",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93898"
            },
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0190/",
              "refsource": "MISC",
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0190/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2016-8331",
    "datePublished": "2016-10-28T20:00:00",
    "dateReserved": "2016-09-28T00:00:00",
    "dateUpdated": "2024-08-06T02:20:30.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3626
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Summary
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:03.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/426"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230110-0001/"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds write in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-21T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/426"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230110-0001/"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-3626",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-21T00:00:00",
    "dateUpdated": "2024-08-03T01:14:03.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10271
Vulnerability from cvelistv5
Published
2017-03-24 19:00
Modified
2024-08-06 03:14
Severity ?
Summary
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:14:42.845Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
          },
          {
            "name": "97199",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97199"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 1\" and libtiff/tif_fax3.c:413:13."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-30T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
        },
        {
          "name": "97199",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97199"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10271",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 1\" and libtiff/tif_fax3.c:413:13."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
            },
            {
              "name": "97199",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97199"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a",
              "refsource": "MISC",
              "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10271",
    "datePublished": "2017-03-24T19:00:00",
    "dateReserved": "2017-03-24T00:00:00",
    "dateUpdated": "2024-08-06T03:14:42.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8127
Vulnerability from cvelistv5
Published
2017-06-26 15:00
Modified
2024-08-06 13:10
Severity ?
Summary
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2015:0450",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html"
          },
          {
            "name": "72323",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72323"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2497"
          },
          {
            "name": "1032760",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032760"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2496"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2486"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2484"
          },
          {
            "name": "DSA-3273",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3273"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2485"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt"
          },
          {
            "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/24/15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2015:0450",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html"
        },
        {
          "name": "72323",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72323"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2497"
        },
        {
          "name": "1032760",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032760"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2496"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2486"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2484"
        },
        {
          "name": "DSA-3273",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3273"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2485"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt"
        },
        {
          "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/24/15"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8127",
    "datePublished": "2017-06-26T15:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3598
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Summary
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:02.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/435"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230110-0001/"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-21T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/435"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230110-0001/"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-3598",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-19T00:00:00",
    "dateUpdated": "2024-08-03T01:14:02.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-17942
Vulnerability from cvelistv5
Published
2017-12-28 06:00
Modified
2024-08-05 21:06
Severity ?
Summary
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:06:49.734Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2767"
          },
          {
            "name": "102312",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102312"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-30T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2767"
        },
        {
          "name": "102312",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102312"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2767",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2767"
            },
            {
              "name": "102312",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102312"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17942",
    "datePublished": "2017-12-28T06:00:00",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-08-05T21:06:49.734Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4665
Vulnerability from cvelistv5
Published
2011-05-03 20:00
Modified
2024-08-07 03:51
Severity ?
Summary
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.
References
http://openwall.com/lists/oss-security/2011/04/12/10mailing-list, x_refsource_MLIST
http://secunia.com/advisories/44271third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlvendor-advisory, x_refsource_SUSE
http://bugzilla.maptools.org/show_bug.cgi?id=2218x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2552vendor-advisory, x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=695887x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.htmlvendor-advisory, x_refsource_FEDORA
http://www.remotesensing.org/libtiff/v3.9.5.htmlx_refsource_CONFIRM
http://ubuntu.com/usn/usn-1416-1vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/47338vdb-entry, x_refsource_BID
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:51:17.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110412 libtiff CVE assignments",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/04/12/10"
          },
          {
            "name": "44271",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44271"
          },
          {
            "name": "SUSE-SR:2011:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2218"
          },
          {
            "name": "DSA-2552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2552"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695887"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "FEDORA-2011-5304",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.remotesensing.org/libtiff/v3.9.5.html"
          },
          {
            "name": "USN-1416-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1416-1"
          },
          {
            "name": "47338",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47338"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-10T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20110412 libtiff CVE assignments",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/04/12/10"
        },
        {
          "name": "44271",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44271"
        },
        {
          "name": "SUSE-SR:2011:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2218"
        },
        {
          "name": "DSA-2552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2552"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695887"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "FEDORA-2011-5304",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.remotesensing.org/libtiff/v3.9.5.html"
        },
        {
          "name": "USN-1416-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1416-1"
        },
        {
          "name": "47338",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47338"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4665",
    "datePublished": "2011-05-03T20:00:00",
    "dateReserved": "2011-01-03T00:00:00",
    "dateUpdated": "2024-08-07T03:51:17.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-5784
Vulnerability from cvelistv5
Published
2018-01-19 08:00
Modified
2024-08-05 05:47
Severity ?
Summary
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:47:54.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1391-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html"
          },
          {
            "name": "DSA-4349",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4349"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2772"
          },
          {
            "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-19T17:36:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1391-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html"
        },
        {
          "name": "DSA-4349",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4349"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2772"
        },
        {
          "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5784",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1391-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html"
            },
            {
              "name": "DSA-4349",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4349"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2772",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2772"
            },
            {
              "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5784",
    "datePublished": "2018-01-19T08:00:00",
    "dateReserved": "2018-01-19T00:00:00",
    "dateUpdated": "2024-08-05T05:47:54.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0891
Vulnerability from cvelistv5
Published
2022-03-09 00:00
Modified
2024-08-02 23:47
Summary
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.151Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/380"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/382"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json"
          },
          {
            "name": "DSA-5108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5108"
          },
          {
            "name": "FEDORA-2022-e2996202a0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
          },
          {
            "name": "FEDORA-2022-c39720a0ed",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221228-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=3.9.0, \u003c=4.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "shahchintanh@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap-based buffer overflow in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-28T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/380"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/382"
        },
        {
          "url": "https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json"
        },
        {
          "name": "DSA-5108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5108"
        },
        {
          "name": "FEDORA-2022-e2996202a0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2/"
        },
        {
          "name": "FEDORA-2022-c39720a0ed",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3/"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221228-0008/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-0891",
    "datePublished": "2022-03-09T00:00:00",
    "dateReserved": "2022-03-09T00:00:00",
    "dateUpdated": "2024-08-02T23:47:42.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7601
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
References
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashesx_refsource_MISC
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/97511vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:12.089Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
          },
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "97511",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97511"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
        },
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "97511",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97511"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7601",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
            },
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "97511",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97511"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7601",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:12.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-30086
Vulnerability from cvelistv5
Published
2023-05-09 00:00
Modified
2024-08-02 14:21
Severity ?
Summary
Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:21:44.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://libtiff-release-v4-0-7.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://tiffcp.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/538"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230616-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-16T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://libtiff-release-v4-0-7.com"
        },
        {
          "url": "http://tiffcp.com"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/538"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230616-0003/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-30086",
    "datePublished": "2023-05-09T00:00:00",
    "dateReserved": "2023-04-07T00:00:00",
    "dateUpdated": "2024-08-02T14:21:44.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8784
Vulnerability from cvelistv5
Published
2016-04-13 17:00
Modified
2024-08-06 08:29
Severity ?
Summary
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:22.042Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "[oss-security] 20160124 CVE Request: tiff: potential out-of-bound write in NeXTDecode()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/24/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c"
          },
          {
            "name": "USN-2939-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2939-1"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2508"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "81696",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81696"
          },
          {
            "name": "[oss-security] 20160124 Re: CVE Request: tiff: potential out-of-bound write in NeXTDecode()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/24/8"
          },
          {
            "name": "DSA-3467",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3467"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "[oss-security] 20160124 CVE Request: tiff: potential out-of-bound write in NeXTDecode()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/24/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c"
        },
        {
          "name": "USN-2939-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2939-1"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2508"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "81696",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81696"
        },
        {
          "name": "[oss-security] 20160124 Re: CVE Request: tiff: potential out-of-bound write in NeXTDecode()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/24/8"
        },
        {
          "name": "DSA-3467",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3467"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2015-8784",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "[oss-security] 20160124 CVE Request: tiff: potential out-of-bound write in NeXTDecode()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/24/4"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c"
            },
            {
              "name": "USN-2939-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2939-1"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2508",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2508"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "81696",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81696"
            },
            {
              "name": "[oss-security] 20160124 Re: CVE Request: tiff: potential out-of-bound write in NeXTDecode()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/24/8"
            },
            {
              "name": "DSA-3467",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3467"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2015-8784",
    "datePublished": "2016-04-13T17:00:00",
    "dateReserved": "2016-01-24T00:00:00",
    "dateUpdated": "2024-08-06T08:29:22.042Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2520
Vulnerability from cvelistv5
Published
2022-08-31 00:00
Modified
2024-08-03 00:39
Severity ?
Summary
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:39:07.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/424"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.4.0rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/424"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2520",
    "datePublished": "2022-08-31T00:00:00",
    "dateReserved": "2022-07-22T00:00:00",
    "dateUpdated": "2024-08-03T00:39:07.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4231
Vulnerability from cvelistv5
Published
2014-01-19 15:00
Modified
2024-08-06 16:38
Severity ?
Summary
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.
References
http://bugzilla.maptools.org/show_bug.cgi?id=2450x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-0223.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2013/dsa-2744vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/54543third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=995965x_refsource_CONFIRM
http://www.asmail.be/msg0055359936.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/54628third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2013/08/10/2mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/61695vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2450"
          },
          {
            "name": "RHSA-2014:0223",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
          },
          {
            "name": "DSA-2744",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2744"
          },
          {
            "name": "54543",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54543"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995965"
          },
          {
            "name": "[tiff] 20130801 Vulnerabilities in libtiff 4.0.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.asmail.be/msg0055359936.html"
          },
          {
            "name": "54628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54628"
          },
          {
            "name": "[oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows  and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/08/10/2"
          },
          {
            "name": "61695",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61695"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c.  NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2450"
        },
        {
          "name": "RHSA-2014:0223",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
        },
        {
          "name": "DSA-2744",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2744"
        },
        {
          "name": "54543",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54543"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995965"
        },
        {
          "name": "[tiff] 20130801 Vulnerabilities in libtiff 4.0.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.asmail.be/msg0055359936.html"
        },
        {
          "name": "54628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54628"
        },
        {
          "name": "[oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows  and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/08/10/2"
        },
        {
          "name": "61695",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61695"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4231",
    "datePublished": "2014-01-19T15:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3621
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
References
http://www.securitytracker.com/id/1035508vdb-entry, x_refsource_SECTRACK
http://www.openwall.com/lists/oss-security/2016/04/07/3mailing-list, x_refsource_MLIST
http://bugzilla.maptools.org/show_bug.cgi?id=2565x_refsource_MISC
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035508",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035508"
          },
          {
            "name": "[oss-security] 20160407 CVE-2016-3621 libtiff: Out-of-bounds Read in the bmp2tiff tool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/07/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2565"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c lzw\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-02T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1035508",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035508"
        },
        {
          "name": "[oss-security] 20160407 CVE-2016-3621 libtiff: Out-of-bounds Read in the bmp2tiff tool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/07/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2565"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3621",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c lzw\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035508",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035508"
            },
            {
              "name": "[oss-security] 20160407 CVE-2016-3621 libtiff: Out-of-bounds Read in the bmp2tiff tool",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/07/3"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2565",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2565"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3621",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-21T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-26966
Vulnerability from cvelistv5
Published
2023-06-29 00:00
Modified
2024-08-02 12:01
Severity ?
Summary
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:01:31.820Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/530"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/473"
          },
          {
            "name": "[debian-lts-announce] 20230731 [SECURITY] [DLA 3513-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-01T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/530"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/473"
        },
        {
          "name": "[debian-lts-announce] 20230731 [SECURITY] [DLA 3513-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-26966",
    "datePublished": "2023-06-29T00:00:00",
    "dateReserved": "2023-02-27T00:00:00",
    "dateUpdated": "2024-08-02T12:01:31.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3576
Vulnerability from cvelistv5
Published
2023-10-04 18:02
Modified
2024-09-16 12:54
Summary
Libtiff: memory leak in tiffcrop.c
References
https://access.redhat.com/errata/RHSA-2023:6575vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-3576vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2219340issue-tracking, x_refsource_REDHAT
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:55.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:6575",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:6575"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-3576"
          },
          {
            "name": "RHBZ#2219340",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219340"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.4.0-10.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-03-07T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory leak flaw was found in Libtiff\u0027s tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-16T12:54:48.216Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:6575",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:6575"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-3576"
        },
        {
          "name": "RHBZ#2219340",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219340"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-03-09T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-03-07T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libtiff: memory leak in tiffcrop.c",
      "x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-3576",
    "datePublished": "2023-10-04T18:02:23.926Z",
    "dateReserved": "2023-07-10T09:16:33.670Z",
    "dateUpdated": "2024-09-16T12:54:48.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-26965
Vulnerability from cvelistv5
Published
2023-06-14 00:00
Modified
2024-08-02 12:01
Severity ?
Summary
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:01:31.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230706-0009/"
          },
          {
            "name": "[debian-lts-announce] 20230731 [SECURITY] [DLA 3513-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-01T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230706-0009/"
        },
        {
          "name": "[debian-lts-announce] 20230731 [SECURITY] [DLA 3513-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-26965",
    "datePublished": "2023-06-14T00:00:00",
    "dateReserved": "2023-02-27T00:00:00",
    "dateUpdated": "2024-08-02T12:01:31.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-2731
Vulnerability from cvelistv5
Published
2023-05-17 00:00
Modified
2024-08-02 06:33
Severity ?
Summary
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:33:05.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/548"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207635"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-2731"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230703-0009/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in libtiff v4.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference flaw was found in Libtiff\u0027s LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 - NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-03T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/548"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207635"
        },
        {
          "url": "https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-2731"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230703-0009/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-2731",
    "datePublished": "2023-05-17T00:00:00",
    "dateReserved": "2023-05-16T00:00:00",
    "dateUpdated": "2024-08-02T06:33:05.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7595
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "97501",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97501"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "97501",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97501"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7595",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "97501",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97501"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7595",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1544
Vulnerability from cvelistv5
Published
2005-05-14 04:00
Modified
2024-08-07 21:51
Severity ?
Summary
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.
References
http://www.debian.org/security/2005/dsa-755vendor-advisory, x_refsource_DEBIAN
http://bugzilla.remotesensing.org/show_bug.cgi?id=843x_refsource_MISC
http://secunia.com/advisories/18289third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/16872third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15320third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/20533vdb-entry, x_refsource_XF
http://secunia.com/advisories/18943third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/16350vdb-entry, x_refsource_OSVDB
http://securitytracker.com/id?1013944vdb-entry, x_refsource_SECTRACK
http://www.gentoo.org/security/en/glsa/glsa-200505-07.xmlvendor-advisory, x_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDKSA-2006:042vendor-advisory, x_refsource_MANDRIVA
http://www.ubuntu.com/usn/usn-130-1vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/13585vdb-entry, x_refsource_BID
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txtvendor-advisory, x_refsource_SCO
http://bugs.gentoo.org/show_bug.cgi?id=91584x_refsource_MISC
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txtvendor-advisory, x_refsource_SCO
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:51:50.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-755",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-755"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=843"
          },
          {
            "name": "18289",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18289"
          },
          {
            "name": "16872",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16872"
          },
          {
            "name": "15320",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15320"
          },
          {
            "name": "libtiff-bitspersample-bo(20533)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20533"
          },
          {
            "name": "18943",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18943"
          },
          {
            "name": "16350",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/16350"
          },
          {
            "name": "1013944",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013944"
          },
          {
            "name": "GLSA-200505-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml"
          },
          {
            "name": "MDKSA-2006:042",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:042"
          },
          {
            "name": "USN-130-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-130-1"
          },
          {
            "name": "13585",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13585"
          },
          {
            "name": "SCOSA-2006.3",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=91584"
          },
          {
            "name": "SCOSA-2005.34",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-755",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-755"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=843"
        },
        {
          "name": "18289",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18289"
        },
        {
          "name": "16872",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16872"
        },
        {
          "name": "15320",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15320"
        },
        {
          "name": "libtiff-bitspersample-bo(20533)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20533"
        },
        {
          "name": "18943",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18943"
        },
        {
          "name": "16350",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/16350"
        },
        {
          "name": "1013944",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013944"
        },
        {
          "name": "GLSA-200505-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml"
        },
        {
          "name": "MDKSA-2006:042",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:042"
        },
        {
          "name": "USN-130-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-130-1"
        },
        {
          "name": "13585",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13585"
        },
        {
          "name": "SCOSA-2006.3",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=91584"
        },
        {
          "name": "SCOSA-2005.34",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1544",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-755",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-755"
            },
            {
              "name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=843",
              "refsource": "MISC",
              "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=843"
            },
            {
              "name": "18289",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18289"
            },
            {
              "name": "16872",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16872"
            },
            {
              "name": "15320",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15320"
            },
            {
              "name": "libtiff-bitspersample-bo(20533)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20533"
            },
            {
              "name": "18943",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18943"
            },
            {
              "name": "16350",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/16350"
            },
            {
              "name": "1013944",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013944"
            },
            {
              "name": "GLSA-200505-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml"
            },
            {
              "name": "MDKSA-2006:042",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:042"
            },
            {
              "name": "USN-130-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-130-1"
            },
            {
              "name": "13585",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13585"
            },
            {
              "name": "SCOSA-2006.3",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=91584",
              "refsource": "MISC",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=91584"
            },
            {
              "name": "SCOSA-2005.34",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1544",
    "datePublished": "2005-05-14T04:00:00",
    "dateReserved": "2005-05-14T00:00:00",
    "dateUpdated": "2024-08-07T21:51:50.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-13727
Vulnerability from cvelistv5
Published
2017-08-29 06:00
Modified
2024-08-05 19:05
Severity ?
Summary
There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
References
http://www.securityfocus.com/bid/100524vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2728x_refsource_MISC
https://www.debian.org/security/2018/dsa-4100vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:05:20.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100524",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100524"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2728"
          },
          {
            "name": "DSA-4100",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4100"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "100524",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100524"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2728"
        },
        {
          "name": "DSA-4100",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-13727",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100524",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100524"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2728",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2728"
            },
            {
              "name": "DSA-4100",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-13727",
    "datePublished": "2017-08-29T06:00:00",
    "dateReserved": "2017-08-29T00:00:00",
    "dateUpdated": "2024-08-05T19:05:20.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2067
Vulnerability from cvelistv5
Published
2010-06-23 18:00
Modified
2024-08-07 02:17
Severity ?
Summary
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
References
http://secunia.com/advisories/40241third-party-advisory, x_refsource_SECUNIA
http://bugzilla.maptools.org/show_bug.cgi?id=2212x_refsource_CONFIRM
http://marc.info/?l=oss-security&m=127731610612908&w=2mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2010/1638vdb-entry, x_refsource_VUPEN
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424vendor-advisory, x_refsource_SLACKWARE
http://osvdb.org/65676vdb-entry, x_refsource_OSVDB
http://www.ubuntu.com/usn/USN-954-1vendor-advisory, x_refsource_UBUNTU
http://www.remotesensing.org/libtiff/v3.9.4.htmlx_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=599576x_refsource_CONFIRM
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874third-party-advisory, x_refsource_IDEFENSE
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/40381third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:14.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40241"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2212"
          },
          {
            "name": "[oss-security] 20100623 CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
          },
          {
            "name": "ADV-2010-1638",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1638"
          },
          {
            "name": "SSA:2010-180-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.596424"
          },
          {
            "name": "65676",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/65676"
          },
          {
            "name": "USN-954-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-954-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.remotesensing.org/libtiff/v3.9.4.html"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=599576"
          },
          {
            "name": "20100621 Multiple Vendor LibTIFF 3.9.2 Stack Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874"
          },
          {
            "name": "SUSE-SR:2010:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
          },
          {
            "name": "40381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40381"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-26T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "40241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40241"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2212"
        },
        {
          "name": "[oss-security] 20100623 CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
        },
        {
          "name": "ADV-2010-1638",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1638"
        },
        {
          "name": "SSA:2010-180-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.596424"
        },
        {
          "name": "65676",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/65676"
        },
        {
          "name": "USN-954-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-954-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.remotesensing.org/libtiff/v3.9.4.html"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=599576"
        },
        {
          "name": "20100621 Multiple Vendor LibTIFF 3.9.2 Stack Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874"
        },
        {
          "name": "SUSE-SR:2010:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
        },
        {
          "name": "40381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40381"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2067",
    "datePublished": "2010-06-23T18:00:00",
    "dateReserved": "2010-05-25T00:00:00",
    "dateUpdated": "2024-08-07T02:17:14.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3570
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Summary
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:02.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/381"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/386"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230203-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=3.9.0, \u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "shahchintanh@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap-based buffer overflow in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-03T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/381"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/386"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230203-0002/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-3570",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-17T00:00:00",
    "dateUpdated": "2024-08-03T01:14:02.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8781
Vulnerability from cvelistv5
Published
2016-02-01 21:00
Modified
2024-08-06 08:29
Severity ?
Summary
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:22.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "openSUSE-SU-2016:0414",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "81730",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81730"
          },
          {
            "name": "openSUSE-SU-2016:0405",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html"
          },
          {
            "name": "USN-2939-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2939-1"
          },
          {
            "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3"
          },
          {
            "name": "DSA-3467",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3467"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "openSUSE-SU-2016:0414",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "81730",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81730"
        },
        {
          "name": "openSUSE-SU-2016:0405",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html"
        },
        {
          "name": "USN-2939-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2939-1"
        },
        {
          "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3"
        },
        {
          "name": "DSA-3467",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3467"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2015-8781",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "openSUSE-SU-2016:0414",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "81730",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81730"
            },
            {
              "name": "openSUSE-SU-2016:0405",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html"
            },
            {
              "name": "USN-2939-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2939-1"
            },
            {
              "name": "[oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/24/7"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "[oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/24/3"
            },
            {
              "name": "DSA-3467",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3467"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2015-8781",
    "datePublished": "2016-02-01T21:00:00",
    "dateReserved": "2016-01-24T00:00:00",
    "dateUpdated": "2024-08-06T08:29:22.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3462
Vulnerability from cvelistv5
Published
2006-08-03 01:00
Modified
2024-08-07 18:30
Severity ?
Summary
Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.
References
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Pvendor-advisory, x_refsource_SGI
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.vupen.com/english/advisories/2007/3486vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21501third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/21537third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21632third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/21338third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-330-1vendor-advisory, x_refsource_UBUNTU
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htmx_refsource_CONFIRM
http://www.osvdb.org/27726vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2006/3101vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1016628vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/21253third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1137vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/21370third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016671vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/21598third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0648.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/19289vdb-entry, x_refsource_BID
http://secunia.com/advisories/27222third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/4034vdb-entry, x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA06-214A.htmlthird-party-advisory, x_refsource_CERT
http://www.novell.com/linux/security/advisories/2006_44_libtiff.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/21290third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21274third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3105vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27181third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2006-0603.htmlvendor-advisory, x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.ascvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/21304third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600vendor-advisory, x_refsource_SLACKWARE
http://docs.info.apple.com/article.html?artnum=304063x_refsource_MISC
http://www.securityfocus.com/bid/19282vdb-entry, x_refsource_BID
https://issues.rpath.com/browse/RPL-558x_refsource_CONFIRM
http://secunia.com/advisories/27832third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21346third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/21319third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21392third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21334third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22036third-party-advisory, x_refsource_SECUNIA
http://lwn.net/Alerts/194228/vendor-advisory, x_refsource_TRUSTIX
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1vendor-advisory, x_refsource_SUNALERT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060801-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
          },
          {
            "name": "APPLE-SA-2006-08-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
          },
          {
            "name": "ADV-2007-3486",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3486"
          },
          {
            "name": "21501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21501"
          },
          {
            "name": "MDKSA-2006:136",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
          },
          {
            "name": "21537",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21537"
          },
          {
            "name": "21632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21632"
          },
          {
            "name": "GLSA-200608-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
          },
          {
            "name": "21338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21338"
          },
          {
            "name": "USN-330-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-330-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
          },
          {
            "name": "27726",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27726"
          },
          {
            "name": "ADV-2006-3101",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3101"
          },
          {
            "name": "1016628",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016628"
          },
          {
            "name": "21253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21253"
          },
          {
            "name": "DSA-1137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1137"
          },
          {
            "name": "21370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21370"
          },
          {
            "name": "1016671",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016671"
          },
          {
            "name": "21598",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21598"
          },
          {
            "name": "RHSA-2006:0648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
          },
          {
            "name": "MDKSA-2006:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
          },
          {
            "name": "19289",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19289"
          },
          {
            "name": "27222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27222"
          },
          {
            "name": "ADV-2007-4034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4034"
          },
          {
            "name": "TA06-214A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
          },
          {
            "name": "SUSE-SA:2006:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
          },
          {
            "name": "21290",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21290"
          },
          {
            "name": "21274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21274"
          },
          {
            "name": "ADV-2006-3105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3105"
          },
          {
            "name": "27181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27181"
          },
          {
            "name": "oval:org.mitre.oval:def:11301",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301"
          },
          {
            "name": "RHSA-2006:0603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21304",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21304"
          },
          {
            "name": "SSA:2006-230-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=304063"
          },
          {
            "name": "19282",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19282"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-558"
          },
          {
            "name": "27832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27832"
          },
          {
            "name": "21346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21346"
          },
          {
            "name": "201331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
          },
          {
            "name": "21319",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21319"
          },
          {
            "name": "21392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21392"
          },
          {
            "name": "21334",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21334"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "2006-0044",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://lwn.net/Alerts/194228/"
          },
          {
            "name": "103160",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20060801-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
        },
        {
          "name": "APPLE-SA-2006-08-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
        },
        {
          "name": "ADV-2007-3486",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3486"
        },
        {
          "name": "21501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21501"
        },
        {
          "name": "MDKSA-2006:136",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
        },
        {
          "name": "21537",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21537"
        },
        {
          "name": "21632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21632"
        },
        {
          "name": "GLSA-200608-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
        },
        {
          "name": "21338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21338"
        },
        {
          "name": "USN-330-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-330-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
        },
        {
          "name": "27726",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27726"
        },
        {
          "name": "ADV-2006-3101",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3101"
        },
        {
          "name": "1016628",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016628"
        },
        {
          "name": "21253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21253"
        },
        {
          "name": "DSA-1137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1137"
        },
        {
          "name": "21370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21370"
        },
        {
          "name": "1016671",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016671"
        },
        {
          "name": "21598",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21598"
        },
        {
          "name": "RHSA-2006:0648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
        },
        {
          "name": "MDKSA-2006:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
        },
        {
          "name": "19289",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19289"
        },
        {
          "name": "27222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27222"
        },
        {
          "name": "ADV-2007-4034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4034"
        },
        {
          "name": "TA06-214A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
        },
        {
          "name": "SUSE-SA:2006:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
        },
        {
          "name": "21290",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21290"
        },
        {
          "name": "21274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21274"
        },
        {
          "name": "ADV-2006-3105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3105"
        },
        {
          "name": "27181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27181"
        },
        {
          "name": "oval:org.mitre.oval:def:11301",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301"
        },
        {
          "name": "RHSA-2006:0603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21304",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21304"
        },
        {
          "name": "SSA:2006-230-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=304063"
        },
        {
          "name": "19282",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19282"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-558"
        },
        {
          "name": "27832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27832"
        },
        {
          "name": "21346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21346"
        },
        {
          "name": "201331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
        },
        {
          "name": "21319",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21319"
        },
        {
          "name": "21392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21392"
        },
        {
          "name": "21334",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21334"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "2006-0044",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://lwn.net/Alerts/194228/"
        },
        {
          "name": "103160",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-3462",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060801-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
            },
            {
              "name": "APPLE-SA-2006-08-01",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
            },
            {
              "name": "ADV-2007-3486",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3486"
            },
            {
              "name": "21501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21501"
            },
            {
              "name": "MDKSA-2006:136",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
            },
            {
              "name": "21537",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21537"
            },
            {
              "name": "21632",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21632"
            },
            {
              "name": "GLSA-200608-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
            },
            {
              "name": "21338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21338"
            },
            {
              "name": "USN-330-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-330-1"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
            },
            {
              "name": "27726",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27726"
            },
            {
              "name": "ADV-2006-3101",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3101"
            },
            {
              "name": "1016628",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016628"
            },
            {
              "name": "21253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21253"
            },
            {
              "name": "DSA-1137",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1137"
            },
            {
              "name": "21370",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21370"
            },
            {
              "name": "1016671",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016671"
            },
            {
              "name": "21598",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21598"
            },
            {
              "name": "RHSA-2006:0648",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
            },
            {
              "name": "MDKSA-2006:137",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
            },
            {
              "name": "19289",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19289"
            },
            {
              "name": "27222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27222"
            },
            {
              "name": "ADV-2007-4034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4034"
            },
            {
              "name": "TA06-214A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
            },
            {
              "name": "SUSE-SA:2006:044",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
            },
            {
              "name": "21290",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21290"
            },
            {
              "name": "21274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21274"
            },
            {
              "name": "ADV-2006-3105",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3105"
            },
            {
              "name": "27181",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27181"
            },
            {
              "name": "oval:org.mitre.oval:def:11301",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301"
            },
            {
              "name": "RHSA-2006:0603",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "21304",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21304"
            },
            {
              "name": "SSA:2006-230-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=304063",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=304063"
            },
            {
              "name": "19282",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19282"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-558",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-558"
            },
            {
              "name": "27832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27832"
            },
            {
              "name": "21346",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21346"
            },
            {
              "name": "201331",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
            },
            {
              "name": "21319",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21319"
            },
            {
              "name": "21392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21392"
            },
            {
              "name": "21334",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21334"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "2006-0044",
              "refsource": "TRUSTIX",
              "url": "http://lwn.net/Alerts/194228/"
            },
            {
              "name": "103160",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-3462",
    "datePublished": "2006-08-03T01:00:00",
    "dateReserved": "2006-07-10T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-11613
Vulnerability from cvelistv5
Published
2017-07-26 08:00
Modified
2024-08-05 18:12
Severity ?
Summary
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:12:40.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99977",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99977"
          },
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f"
          },
          {
            "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1391-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html"
          },
          {
            "name": "DSA-4349",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4349"
          },
          {
            "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-01T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "99977",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99977"
        },
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f"
        },
        {
          "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1391-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html"
        },
        {
          "name": "DSA-4349",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4349"
        },
        {
          "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-11613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99977",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99977"
            },
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f",
              "refsource": "MISC",
              "url": "https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f"
            },
            {
              "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1391-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00022.html"
            },
            {
              "name": "DSA-4349",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4349"
            },
            {
              "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-11613",
    "datePublished": "2017-07-26T08:00:00",
    "dateReserved": "2017-07-25T00:00:00",
    "dateUpdated": "2024-08-05T18:12:40.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8668
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-08-06 08:29
Severity ?
Summary
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:20.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "20151228 libtiff bmp file Heap Overflow (CVE-2015-8668)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/537208/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "20151228 libtiff bmp file Heap Overflow (CVE-2015-8668)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/537208/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8668",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "20151228 libtiff bmp file Heap Overflow (CVE-2015-8668)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/537208/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8668",
    "datePublished": "2016-01-08T19:00:00",
    "dateReserved": "2015-12-24T00:00:00",
    "dateUpdated": "2024-08-06T08:29:20.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7602
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
References
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashesx_refsource_MISC
http://www.securityfocus.com/bid/97500vdb-entry, x_refsource_BID
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:12.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
          },
          {
            "name": "97500",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97500"
          },
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
        },
        {
          "name": "97500",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97500"
        },
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7602",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
            },
            {
              "name": "97500",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97500"
            },
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7602",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:12.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8870
Vulnerability from cvelistv5
Published
2016-12-06 18:00
Modified
2024-08-06 08:29
Severity ?
Summary
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
References
http://www.securityfocus.com/bid/94717vdb-entry, x_refsource_BID
http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gzx_refsource_CONFIRM
http://www.floyd.ch/?p=874BMPx_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2017-0225.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:22.080Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94717"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.floyd.ch/?p=874BMP"
          },
          {
            "name": "RHSA-2017:0225",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94717"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.floyd.ch/?p=874BMP"
        },
        {
          "name": "RHSA-2017:0225",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94717"
            },
            {
              "name": "http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz",
              "refsource": "CONFIRM",
              "url": "http://download.osgeo.org/libtiff/tiff-4.0.4.tar.gz"
            },
            {
              "name": "http://www.floyd.ch/?p=874BMP",
              "refsource": "MISC",
              "url": "http://www.floyd.ch/?p=874BMP"
            },
            {
              "name": "RHSA-2017:0225",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8870",
    "datePublished": "2016-12-06T18:00:00",
    "dateReserved": "2016-05-02T00:00:00",
    "dateUpdated": "2024-08-06T08:29:22.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2595
Vulnerability from cvelistv5
Published
2010-07-01 18:00
Modified
2024-08-07 02:39
Severity ?
Summary
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."
References
http://secunia.com/advisories/40527third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=oss-security&m=127731610612908&w=2mailing-list, x_refsource_MLIST
http://www.debian.org/security/2012/dsa-2552vendor-advisory, x_refsource_DEBIAN
http://blackberry.com/btsc/KB27244x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1761vdb-entry, x_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://bugzilla.maptools.org/show_bug.cgi?id=2208x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0519.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/40422third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=583081x_refsource_CONFIRM
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40527",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40527"
          },
          {
            "name": "[oss-security] 20100623 CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
          },
          {
            "name": "DSA-2552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2552"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blackberry.com/btsc/KB27244"
          },
          {
            "name": "ADV-2010-1761",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1761"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2208"
          },
          {
            "name": "RHSA-2010:0519",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
          },
          {
            "name": "40422",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40422"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to \"downsampled OJPEG input.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-08T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "40527",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40527"
        },
        {
          "name": "[oss-security] 20100623 CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
        },
        {
          "name": "DSA-2552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2552"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blackberry.com/btsc/KB27244"
        },
        {
          "name": "ADV-2010-1761",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1761"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2208"
        },
        {
          "name": "RHSA-2010:0519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
        },
        {
          "name": "40422",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40422"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2595",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to \"downsampled OJPEG input.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40527",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40527"
            },
            {
              "name": "[oss-security] 20100623 CVE requests: LibTIFF",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
            },
            {
              "name": "DSA-2552",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2552"
            },
            {
              "name": "http://blackberry.com/btsc/KB27244",
              "refsource": "CONFIRM",
              "url": "http://blackberry.com/btsc/KB27244"
            },
            {
              "name": "ADV-2010-1761",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1761"
            },
            {
              "name": "GLSA-201209-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2208",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2208"
            },
            {
              "name": "RHSA-2010:0519",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
            },
            {
              "name": "40422",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40422"
            },
            {
              "name": "50726",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50726"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2595",
    "datePublished": "2010-07-01T18:00:00",
    "dateReserved": "2010-07-01T00:00:00",
    "dateUpdated": "2024-08-07T02:39:37.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0795
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:34.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/493"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json"
          },
          {
            "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
          },
          {
            "name": "DSA-5361",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5361"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230316-0003/"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/493"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json"
        },
        {
          "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"
        },
        {
          "name": "DSA-5361",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5361"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230316-0003/"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-0795",
    "datePublished": "2023-02-13T00:00:00",
    "dateReserved": "2023-02-12T00:00:00",
    "dateUpdated": "2024-08-02T05:24:34.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3623
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.
References
http://www.securityfocus.com/bid/85952vdb-entry, x_refsource_BID
http://bugzilla.maptools.org/show_bug.cgi?id=2569x_refsource_CONFIRM
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.htmlvendor-advisory, x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2016/04/08/3mailing-list, x_refsource_MLIST
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "85952",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85952"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2569"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "openSUSE-SU-2016:2275",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
          },
          {
            "name": "[oss-security] 20160408 CVE-2016-3623 libtiff: Divide By Zero in the rgb2ycbcr tool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/08/3"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "85952",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85952"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2569"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "openSUSE-SU-2016:2275",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
        },
        {
          "name": "[oss-security] 20160408 CVE-2016-3623 libtiff: Divide By Zero in the rgb2ycbcr tool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/08/3"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3623",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "85952",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85952"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2569",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2569"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "openSUSE-SU-2016:2275",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
            },
            {
              "name": "[oss-security] 20160408 CVE-2016-3623 libtiff: Divide By Zero in the rgb2ycbcr tool",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/08/3"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3623",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-21T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-12944
Vulnerability from cvelistv5
Published
2017-08-18 15:00
Modified
2024-08-05 18:51
Severity ?
Summary
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.
References
https://usn.ubuntu.com/3606-1/vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2725x_refsource_CONFIRM
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4100vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:07.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2725"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "DSA-4100",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4100"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2725"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "DSA-4100",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2725",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2725"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "DSA-4100",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12944",
    "datePublished": "2017-08-18T15:00:00",
    "dateReserved": "2017-08-18T00:00:00",
    "dateUpdated": "2024-08-05T18:51:07.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3632
Vulnerability from cvelistv5
Published
2016-09-21 18:00
Modified
2024-08-06 00:03
Severity ?
Summary
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.364Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2549"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "[oss-security] 20160408 CVE-2016-3632 - libtiff 4.0.6 illegel write",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/08/9"
          },
          {
            "name": "85953",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85953"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "85960",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85960"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325095"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2549"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "[oss-security] 20160408 CVE-2016-3632 - libtiff 4.0.6 illegel write",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/08/9"
        },
        {
          "name": "85953",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85953"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "85960",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85960"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325095"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3632",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2549",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2549"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "[oss-security] 20160408 CVE-2016-3632 - libtiff 4.0.6 illegel write",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/08/9"
            },
            {
              "name": "85953",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85953"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "85960",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85960"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1325095",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325095"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3632",
    "datePublished": "2016-09-21T18:00:00",
    "dateReserved": "2016-03-22T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3465
Vulnerability from cvelistv5
Published
2006-08-03 01:00
Modified
2024-08-07 18:30
Severity ?
Summary
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
References
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Pvendor-advisory, x_refsource_SGI
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/21501third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/21537third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21632third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/21338third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-330-1vendor-advisory, x_refsource_UBUNTU
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htmx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/3101vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1016628vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/21253third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1137vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/21370third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016671vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/21598third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0648.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/19289vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2007/4034vdb-entry, x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA06-214A.htmlthird-party-advisory, x_refsource_CERT
http://www.novell.com/linux/security/advisories/2006_44_libtiff.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/21290third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21274third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3105vdb-entry, x_refsource_VUPEN
http://www.osvdb.org/27729vdb-entry, x_refsource_OSVDB
http://www.redhat.com/support/errata/RHSA-2006-0603.htmlvendor-advisory, x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.ascvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/21304third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600vendor-advisory, x_refsource_SLACKWARE
http://docs.info.apple.com/article.html?artnum=304063x_refsource_MISC
https://issues.rpath.com/browse/RPL-558x_refsource_CONFIRM
http://secunia.com/advisories/27832third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21346third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/bid/19287vdb-entry, x_refsource_BID
http://secunia.com/advisories/21319third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21392third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21334third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22036third-party-advisory, x_refsource_SECUNIA
http://lwn.net/Alerts/194228/vendor-advisory, x_refsource_TRUSTIX
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1vendor-advisory, x_refsource_SUNALERT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060801-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
          },
          {
            "name": "APPLE-SA-2006-08-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
          },
          {
            "name": "21501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21501"
          },
          {
            "name": "oval:org.mitre.oval:def:9067",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067"
          },
          {
            "name": "21537",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21537"
          },
          {
            "name": "21632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21632"
          },
          {
            "name": "GLSA-200608-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
          },
          {
            "name": "21338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21338"
          },
          {
            "name": "USN-330-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-330-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
          },
          {
            "name": "ADV-2006-3101",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3101"
          },
          {
            "name": "1016628",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016628"
          },
          {
            "name": "21253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21253"
          },
          {
            "name": "DSA-1137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1137"
          },
          {
            "name": "21370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21370"
          },
          {
            "name": "1016671",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016671"
          },
          {
            "name": "21598",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21598"
          },
          {
            "name": "RHSA-2006:0648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
          },
          {
            "name": "MDKSA-2006:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
          },
          {
            "name": "19289",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19289"
          },
          {
            "name": "ADV-2007-4034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4034"
          },
          {
            "name": "TA06-214A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
          },
          {
            "name": "SUSE-SA:2006:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
          },
          {
            "name": "21290",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21290"
          },
          {
            "name": "21274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21274"
          },
          {
            "name": "ADV-2006-3105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3105"
          },
          {
            "name": "27729",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27729"
          },
          {
            "name": "RHSA-2006:0603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21304",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21304"
          },
          {
            "name": "SSA:2006-230-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=304063"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-558"
          },
          {
            "name": "27832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27832"
          },
          {
            "name": "21346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21346"
          },
          {
            "name": "201331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
          },
          {
            "name": "19287",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19287"
          },
          {
            "name": "21319",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21319"
          },
          {
            "name": "21392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21392"
          },
          {
            "name": "21334",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21334"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "2006-0044",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://lwn.net/Alerts/194228/"
          },
          {
            "name": "103160",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20060801-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
        },
        {
          "name": "APPLE-SA-2006-08-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
        },
        {
          "name": "21501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21501"
        },
        {
          "name": "oval:org.mitre.oval:def:9067",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067"
        },
        {
          "name": "21537",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21537"
        },
        {
          "name": "21632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21632"
        },
        {
          "name": "GLSA-200608-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
        },
        {
          "name": "21338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21338"
        },
        {
          "name": "USN-330-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-330-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
        },
        {
          "name": "ADV-2006-3101",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3101"
        },
        {
          "name": "1016628",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016628"
        },
        {
          "name": "21253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21253"
        },
        {
          "name": "DSA-1137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1137"
        },
        {
          "name": "21370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21370"
        },
        {
          "name": "1016671",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016671"
        },
        {
          "name": "21598",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21598"
        },
        {
          "name": "RHSA-2006:0648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
        },
        {
          "name": "MDKSA-2006:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
        },
        {
          "name": "19289",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19289"
        },
        {
          "name": "ADV-2007-4034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4034"
        },
        {
          "name": "TA06-214A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
        },
        {
          "name": "SUSE-SA:2006:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
        },
        {
          "name": "21290",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21290"
        },
        {
          "name": "21274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21274"
        },
        {
          "name": "ADV-2006-3105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3105"
        },
        {
          "name": "27729",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27729"
        },
        {
          "name": "RHSA-2006:0603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21304",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21304"
        },
        {
          "name": "SSA:2006-230-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=304063"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-558"
        },
        {
          "name": "27832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27832"
        },
        {
          "name": "21346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21346"
        },
        {
          "name": "201331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
        },
        {
          "name": "19287",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19287"
        },
        {
          "name": "21319",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21319"
        },
        {
          "name": "21392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21392"
        },
        {
          "name": "21334",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21334"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "2006-0044",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://lwn.net/Alerts/194228/"
        },
        {
          "name": "103160",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-3465",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060801-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
            },
            {
              "name": "APPLE-SA-2006-08-01",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
            },
            {
              "name": "21501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21501"
            },
            {
              "name": "oval:org.mitre.oval:def:9067",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9067"
            },
            {
              "name": "21537",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21537"
            },
            {
              "name": "21632",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21632"
            },
            {
              "name": "GLSA-200608-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
            },
            {
              "name": "21338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21338"
            },
            {
              "name": "USN-330-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-330-1"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
            },
            {
              "name": "ADV-2006-3101",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3101"
            },
            {
              "name": "1016628",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016628"
            },
            {
              "name": "21253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21253"
            },
            {
              "name": "DSA-1137",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1137"
            },
            {
              "name": "21370",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21370"
            },
            {
              "name": "1016671",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016671"
            },
            {
              "name": "21598",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21598"
            },
            {
              "name": "RHSA-2006:0648",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
            },
            {
              "name": "MDKSA-2006:137",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
            },
            {
              "name": "19289",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19289"
            },
            {
              "name": "ADV-2007-4034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4034"
            },
            {
              "name": "TA06-214A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
            },
            {
              "name": "SUSE-SA:2006:044",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
            },
            {
              "name": "21290",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21290"
            },
            {
              "name": "21274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21274"
            },
            {
              "name": "ADV-2006-3105",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3105"
            },
            {
              "name": "27729",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27729"
            },
            {
              "name": "RHSA-2006:0603",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "21304",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21304"
            },
            {
              "name": "SSA:2006-230-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=304063",
              "refsource": "MISC",
              "url": "http://docs.info.apple.com/article.html?artnum=304063"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-558",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-558"
            },
            {
              "name": "27832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27832"
            },
            {
              "name": "21346",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21346"
            },
            {
              "name": "201331",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
            },
            {
              "name": "19287",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19287"
            },
            {
              "name": "21319",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21319"
            },
            {
              "name": "21392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21392"
            },
            {
              "name": "21334",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21334"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "2006-0044",
              "refsource": "TRUSTIX",
              "url": "http://lwn.net/Alerts/194228/"
            },
            {
              "name": "103160",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-3465",
    "datePublished": "2006-08-03T01:00:00",
    "dateReserved": "2006-07-10T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2058
Vulnerability from cvelistv5
Published
2022-06-30 00:00
Modified
2024-08-03 00:24
Summary
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/428"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json"
          },
          {
            "name": "FEDORA-2022-edf7301147",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/"
          },
          {
            "name": "FEDORA-2022-b9c2a3a2b7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220826-0001/"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Divide by zero in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/428"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json"
        },
        {
          "name": "FEDORA-2022-edf7301147",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/"
        },
        {
          "name": "FEDORA-2022-b9c2a3a2b7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220826-0001/"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-2058",
    "datePublished": "2022-06-30T00:00:00",
    "dateReserved": "2022-06-13T00:00:00",
    "dateUpdated": "2024-08-03T00:24:44.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2953
Vulnerability from cvelistv5
Published
2022-08-29 00:00
Modified
2024-08-03 00:53
Summary
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:53:00.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/414"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221014-0008/"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/414"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221014-0008/"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-2953",
    "datePublished": "2022-08-29T00:00:00",
    "dateReserved": "2022-08-22T00:00:00",
    "dateUpdated": "2024-08-03T00:53:00.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-11335
Vulnerability from cvelistv5
Published
2017-07-16 04:00
Modified
2024-08-05 18:05
Severity ?
Summary
There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.
References
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4100vendor-advisory, x_refsource_DEBIAN
http://bugzilla.maptools.org/show_bug.cgi?id=2715x_refsource_MISC
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:05:30.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "DSA-4100",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4100"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2715"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "DSA-4100",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4100"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2715"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-11335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "DSA-4100",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4100"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2715",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2715"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-11335",
    "datePublished": "2017-07-16T04:00:00",
    "dateReserved": "2017-07-15T00:00:00",
    "dateUpdated": "2024-08-05T18:05:30.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35521
Vulnerability from cvelistv5
Published
2021-03-09 19:16
Modified
2024-08-04 17:02
Severity ?
Summary
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.233Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932034"
          },
          {
            "name": "FEDORA-2021-1bf4f2f13a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
          },
          {
            "name": "GLSA-202104-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-21T08:06:31",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932034"
        },
        {
          "name": "FEDORA-2021-1bf4f2f13a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
        },
        {
          "name": "GLSA-202104-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35521",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libtiff",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "libtiff 4.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932034",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932034"
            },
            {
              "name": "FEDORA-2021-1bf4f2f13a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
            },
            {
              "name": "GLSA-202104-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-06"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210521-0009/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-35521",
    "datePublished": "2021-03-09T19:16:30",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10269
Vulnerability from cvelistv5
Published
2017-03-24 19:00
Modified
2024-08-06 03:14
Severity ?
Summary
LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:14:42.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
          },
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86"
          },
          {
            "name": "97201",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97201"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10269"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 512\" and libtiff/tif_unix.c:340:2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-16T20:21:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
        },
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86"
        },
        {
          "name": "97201",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97201"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10269"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10269",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 512\" and libtiff/tif_unix.c:340:2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
            },
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86",
              "refsource": "MISC",
              "url": "https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86"
            },
            {
              "name": "97201",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97201"
            },
            {
              "name": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10269",
              "refsource": "MISC",
              "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10269"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10269",
    "datePublished": "2017-03-24T19:00:00",
    "dateReserved": "2017-03-24T00:00:00",
    "dateUpdated": "2024-08-06T03:14:42.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5323
Vulnerability from cvelistv5
Published
2017-01-20 15:00
Modified
2024-08-06 01:00
Severity ?
Summary
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.
References
http://www.securityfocus.com/bid/91196vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2016/06/15/6mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:58.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "91196",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91196"
          },
          {
            "name": "[oss-security] 20160615 CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide  by zero",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/15/6"
          },
          {
            "name": "openSUSE-SU-2016:3035",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "91196",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91196"
        },
        {
          "name": "[oss-security] 20160615 CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide  by zero",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/15/6"
        },
        {
          "name": "openSUSE-SU-2016:3035",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "91196",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91196"
            },
            {
              "name": "[oss-security] 20160615 CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide  by zero",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/15/6"
            },
            {
              "name": "openSUSE-SU-2016:3035",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5323",
    "datePublished": "2017-01-20T15:00:00",
    "dateReserved": "2016-06-06T00:00:00",
    "dateUpdated": "2024-08-06T01:00:58.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9538
Vulnerability from cvelistv5
Published
2016-11-22 19:00
Modified
2024-08-06 02:50
Severity ?
Summary
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.418Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94753",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94753"
          },
          {
            "name": "94484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94484"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94753",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94753"
        },
        {
          "name": "94484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94484"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9538",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94753",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94753"
            },
            {
              "name": "94484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94484"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9538",
    "datePublished": "2016-11-22T19:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2057
Vulnerability from cvelistv5
Published
2022-06-30 00:00
Modified
2024-08-03 00:24
Summary
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/427"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json"
          },
          {
            "name": "FEDORA-2022-edf7301147",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/"
          },
          {
            "name": "FEDORA-2022-b9c2a3a2b7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220826-0001/"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "=4.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Divide by zero in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/346"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/427"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json"
        },
        {
          "name": "FEDORA-2022-edf7301147",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TSS7MJ7OO7JO5BNKCRYSFU7UAYOKLA2/"
        },
        {
          "name": "FEDORA-2022-b9c2a3a2b7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXUMJXVEAYFWRO3U3YHKSULHIVDOLEQS/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220826-0001/"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-2057",
    "datePublished": "2022-06-30T00:00:00",
    "dateReserved": "2022-06-13T00:00:00",
    "dateUpdated": "2024-08-03T00:24:44.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3087
Vulnerability from cvelistv5
Published
2010-09-28 17:00
Modified
2024-08-07 02:55
Severity ?
Summary
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=624215"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blackberry.com/btsc/KB27244"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "SUSE-SR:2010:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/security/cve/CVE-2010-3087.html"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-08-18T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=624215"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blackberry.com/btsc/KB27244"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "SUSE-SR:2010:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/security/cve/CVE-2010-3087.html"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3087",
    "datePublished": "2010-09-28T17:00:00",
    "dateReserved": "2010-08-20T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-18557
Vulnerability from cvelistv5
Published
2018-10-22 16:00
Modified
2024-08-05 11:15
Severity ?
Summary
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:15:59.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3864-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3864-1/"
          },
          {
            "name": "DSA-4349",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4349"
          },
          {
            "name": "45694",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45694/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/merge_requests/38"
          },
          {
            "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html"
          },
          {
            "name": "USN-3906-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-2/"
          },
          {
            "name": "GLSA-201904-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201904-15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T17:55:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3864-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3864-1/"
        },
        {
          "name": "DSA-4349",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4349"
        },
        {
          "name": "45694",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45694/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/merge_requests/38"
        },
        {
          "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html"
        },
        {
          "name": "USN-3906-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-2/"
        },
        {
          "name": "GLSA-201904-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201904-15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-18557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3864-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3864-1/"
            },
            {
              "name": "DSA-4349",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4349"
            },
            {
              "name": "45694",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45694/"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/merge_requests/38",
              "refsource": "MISC",
              "url": "https://gitlab.com/libtiff/libtiff/merge_requests/38"
            },
            {
              "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html"
            },
            {
              "name": "USN-3906-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-2/"
            },
            {
              "name": "GLSA-201904-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201904-15"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66",
              "refsource": "MISC",
              "url": "https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            },
            {
              "name": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557",
              "refsource": "MISC",
              "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-18557"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-18557",
    "datePublished": "2018-10-22T16:00:00",
    "dateReserved": "2018-10-22T00:00:00",
    "dateUpdated": "2024-08-05T11:15:59.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3316
Vulnerability from cvelistv5
Published
2023-06-19 11:10
Modified
2024-08-02 06:55
Summary
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:02.573Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/515"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/468"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "lessThan": "4.5.1",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.\u003c/p\u003e"
            }
          ],
          "value": "A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-19T11:10:41.964Z",
        "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
        "shortName": "JFROG"
      },
      "references": [
        {
          "url": "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/515"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/468"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones."
    }
  },
  "cveMetadata": {
    "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
    "assignerShortName": "JFROG",
    "cveId": "CVE-2023-3316",
    "datePublished": "2023-06-19T11:10:41.964Z",
    "dateReserved": "2023-06-19T10:42:23.466Z",
    "dateUpdated": "2024-08-02T06:55:02.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7597
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
References
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashesx_refsource_MISC
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/97504vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:12.032Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
          },
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "97504",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97504"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_dirread.c in LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
        },
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "97504",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97504"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7597",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_dirread.c in LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
            },
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "97504",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97504"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7597",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:12.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9535
Vulnerability from cvelistv5
Published
2016-11-22 19:00
Modified
2024-08-06 02:50
Severity ?
Summary
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"
          },
          {
            "name": "RHSA-2017:0225",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
          },
          {
            "name": "94744",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94744"
          },
          {
            "name": "94484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94484"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"
        },
        {
          "name": "RHSA-2017:0225",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
        },
        {
          "name": "94744",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94744"
        },
        {
          "name": "94484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94484"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9535",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33"
            },
            {
              "name": "RHSA-2017:0225",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
            },
            {
              "name": "94744",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94744"
            },
            {
              "name": "94484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94484"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9535",
    "datePublished": "2016-11-22T19:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-5225
Vulnerability from cvelistv5
Published
2017-01-12 11:00
Modified
2024-08-05 14:55
Severity ?
Summary
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2656"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2657"
          },
          {
            "name": "1037911",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037911"
          },
          {
            "name": "95413",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2656"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2657"
        },
        {
          "name": "1037911",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037911"
        },
        {
          "name": "95413",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5225",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2656",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2656"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2657",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2657"
            },
            {
              "name": "1037911",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037911"
            },
            {
              "name": "95413",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95413"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5225",
    "datePublished": "2017-01-12T11:00:00",
    "dateReserved": "2017-01-09T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-5563
Vulnerability from cvelistv5
Published
2017-01-23 06:49
Modified
2024-08-05 15:04
Severity ?
Summary
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
References
http://bugzilla.maptools.org/show_bug.cgi?id=2664x_refsource_MISC
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3606-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/95705vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:04:15.341Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2664"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "name": "95705",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95705"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2664"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "name": "95705",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95705"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5563",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2664",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2664"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "95705",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95705"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5563",
    "datePublished": "2017-01-23T06:49:00",
    "dateReserved": "2017-01-22T00:00:00",
    "dateUpdated": "2024-08-05T15:04:15.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2631
Vulnerability from cvelistv5
Published
2010-07-06 15:00
Modified
2024-08-07 02:39
Severity ?
Summary
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
References
http://bugzilla.maptools.org/show_bug.cgi?id=2210x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-05-15T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2631",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2210",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210"
            },
            {
              "name": "GLSA-201209-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
            },
            {
              "name": "50726",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50726"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2631",
    "datePublished": "2010-07-06T15:00:00",
    "dateReserved": "2010-07-06T00:00:00",
    "dateUpdated": "2024-08-07T02:39:37.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9537
Vulnerability from cvelistv5
Published
2016-11-22 19:00
Modified
2024-08-06 02:50
Severity ?
Summary
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94746",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94746"
          },
          {
            "name": "RHSA-2017:0225",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
          },
          {
            "name": "94484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94484"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94746",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94746"
        },
        {
          "name": "RHSA-2017:0225",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
        },
        {
          "name": "94484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94484"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94746",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94746"
            },
            {
              "name": "RHSA-2017:0225",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
            },
            {
              "name": "94484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94484"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9537",
    "datePublished": "2016-11-22T19:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35522
Vulnerability from cvelistv5
Published
2021-03-09 19:16
Modified
2024-08-04 17:02
Severity ?
Summary
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932037"
          },
          {
            "name": "FEDORA-2021-1bf4f2f13a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
          },
          {
            "name": "GLSA-202104-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-21T08:06:30",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932037"
        },
        {
          "name": "FEDORA-2021-1bf4f2f13a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
        },
        {
          "name": "GLSA-202104-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35522",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libtiff",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "libtiff 4.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932037",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932037"
            },
            {
              "name": "FEDORA-2021-1bf4f2f13a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
            },
            {
              "name": "GLSA-202104-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-06"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210521-0009/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-35522",
    "datePublished": "2021-03-09T19:16:54",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16335
Vulnerability from cvelistv5
Published
2018-09-02 03:00
Modified
2024-08-05 10:24
Severity ?
Summary
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
References
https://www.debian.org/security/2018/dsa-4349vendor-advisory, x_refsource_DEBIAN
http://bugzilla.maptools.org/show_bug.cgi?id=2809x_refsource_MISC
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:24:31.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4349",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4349"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2809"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-01T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4349",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4349"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2809"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4349",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4349"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2809",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2809"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16335",
    "datePublished": "2018-09-02T03:00:00",
    "dateReserved": "2018-09-01T00:00:00",
    "dateUpdated": "2024-08-05T10:24:31.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2869
Vulnerability from cvelistv5
Published
2022-08-17 00:00
Modified
2024-08-03 00:52
Severity ?
Summary
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:52:59.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118869"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.4.0rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libtiff\u0027s tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191-\u003e(CWE-125|CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118869"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2869",
    "datePublished": "2022-08-17T00:00:00",
    "dateReserved": "2022-08-17T00:00:00",
    "dateUpdated": "2024-08-03T00:52:59.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-7456
Vulnerability from cvelistv5
Published
2018-02-24 06:00
Modified
2024-08-05 06:24
Severity ?
Summary
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:12.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1347-1] tiff3 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html"
          },
          {
            "name": "USN-3864-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3864-1/"
          },
          {
            "name": "DSA-4349",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4349"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/xiaoqx/pocs/tree/master/libtiff"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2778"
          },
          {
            "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
          },
          {
            "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1346-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b"
          },
          {
            "name": "RHSA-2019:2051",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2051"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-29T19:42:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1347-1] tiff3 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html"
        },
        {
          "name": "USN-3864-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3864-1/"
        },
        {
          "name": "DSA-4349",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4349"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xiaoqx/pocs/tree/master/libtiff"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2778"
        },
        {
          "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
        },
        {
          "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1346-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b"
        },
        {
          "name": "RHSA-2019:2051",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2051"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7456",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1347-1] tiff3 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html"
            },
            {
              "name": "USN-3864-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3864-1/"
            },
            {
              "name": "DSA-4349",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4349"
            },
            {
              "name": "https://github.com/xiaoqx/pocs/tree/master/libtiff",
              "refsource": "MISC",
              "url": "https://github.com/xiaoqx/pocs/tree/master/libtiff"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2778",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2778"
            },
            {
              "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
            },
            {
              "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1346-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b"
            },
            {
              "name": "RHSA-2019:2051",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2051"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7456",
    "datePublished": "2018-02-24T06:00:00",
    "dateReserved": "2018-02-23T00:00:00",
    "dateUpdated": "2024-08-05T06:24:12.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3461
Vulnerability from cvelistv5
Published
2006-08-03 01:00
Modified
2024-08-07 18:30
Severity ?
Summary
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
References
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Pvendor-advisory, x_refsource_SGI
http://www.osvdb.org/27725vdb-entry, x_refsource_OSVDB
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.htmlvendor-advisory, x_refsource_APPLE
http://www.vupen.com/english/advisories/2007/3486vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21501third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19290vdb-entry, x_refsource_BID
http://secunia.com/advisories/21537third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21632third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/21338third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-330-1vendor-advisory, x_refsource_UBUNTU
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htmx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/3101vdb-entry, x_refsource_VUPEN
http://securitytracker.com/id?1016628vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/21253third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1137vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/21370third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016671vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/21598third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0648.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/19289vdb-entry, x_refsource_BID
http://secunia.com/advisories/27222third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/4034vdb-entry, x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA06-214A.htmlthird-party-advisory, x_refsource_CERT
http://www.novell.com/linux/security/advisories/2006_44_libtiff.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/21290third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21274third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3105vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27181third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0603.htmlvendor-advisory, x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.ascvendor-advisory, x_refsource_SGI
http://secunia.com/advisories/21304third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600vendor-advisory, x_refsource_SLACKWARE
https://issues.rpath.com/browse/RPL-558x_refsource_CONFIRM
http://secunia.com/advisories/27832third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21346third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1vendor-advisory, x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/21319third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21392third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21334third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22036third-party-advisory, x_refsource_SECUNIA
http://lwn.net/Alerts/194228/vendor-advisory, x_refsource_TRUSTIX
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1vendor-advisory, x_refsource_SUNALERT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060801-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
          },
          {
            "name": "27725",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27725"
          },
          {
            "name": "APPLE-SA-2006-08-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
          },
          {
            "name": "ADV-2007-3486",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3486"
          },
          {
            "name": "21501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21501"
          },
          {
            "name": "19290",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19290"
          },
          {
            "name": "21537",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21537"
          },
          {
            "name": "21632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21632"
          },
          {
            "name": "GLSA-200608-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
          },
          {
            "name": "21338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21338"
          },
          {
            "name": "USN-330-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-330-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
          },
          {
            "name": "ADV-2006-3101",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3101"
          },
          {
            "name": "1016628",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016628"
          },
          {
            "name": "21253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21253"
          },
          {
            "name": "DSA-1137",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1137"
          },
          {
            "name": "21370",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21370"
          },
          {
            "name": "1016671",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016671"
          },
          {
            "name": "21598",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21598"
          },
          {
            "name": "RHSA-2006:0648",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
          },
          {
            "name": "MDKSA-2006:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
          },
          {
            "name": "19289",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19289"
          },
          {
            "name": "27222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27222"
          },
          {
            "name": "ADV-2007-4034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4034"
          },
          {
            "name": "TA06-214A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
          },
          {
            "name": "SUSE-SA:2006:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
          },
          {
            "name": "21290",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21290"
          },
          {
            "name": "21274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21274"
          },
          {
            "name": "ADV-2006-3105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3105"
          },
          {
            "name": "27181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27181"
          },
          {
            "name": "RHSA-2006:0603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21304",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21304"
          },
          {
            "name": "SSA:2006-230-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-558"
          },
          {
            "name": "27832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27832"
          },
          {
            "name": "21346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21346"
          },
          {
            "name": "201331",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
          },
          {
            "name": "oval:org.mitre.oval:def:9910",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910"
          },
          {
            "name": "21319",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21319"
          },
          {
            "name": "21392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21392"
          },
          {
            "name": "21334",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21334"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "2006-0044",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://lwn.net/Alerts/194228/"
          },
          {
            "name": "103160",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20060801-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
        },
        {
          "name": "27725",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27725"
        },
        {
          "name": "APPLE-SA-2006-08-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
        },
        {
          "name": "ADV-2007-3486",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3486"
        },
        {
          "name": "21501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21501"
        },
        {
          "name": "19290",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19290"
        },
        {
          "name": "21537",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21537"
        },
        {
          "name": "21632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21632"
        },
        {
          "name": "GLSA-200608-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
        },
        {
          "name": "21338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21338"
        },
        {
          "name": "USN-330-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-330-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
        },
        {
          "name": "ADV-2006-3101",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3101"
        },
        {
          "name": "1016628",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016628"
        },
        {
          "name": "21253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21253"
        },
        {
          "name": "DSA-1137",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1137"
        },
        {
          "name": "21370",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21370"
        },
        {
          "name": "1016671",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016671"
        },
        {
          "name": "21598",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21598"
        },
        {
          "name": "RHSA-2006:0648",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
        },
        {
          "name": "MDKSA-2006:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
        },
        {
          "name": "19289",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19289"
        },
        {
          "name": "27222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27222"
        },
        {
          "name": "ADV-2007-4034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4034"
        },
        {
          "name": "TA06-214A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
        },
        {
          "name": "SUSE-SA:2006:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
        },
        {
          "name": "21290",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21290"
        },
        {
          "name": "21274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21274"
        },
        {
          "name": "ADV-2006-3105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3105"
        },
        {
          "name": "27181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27181"
        },
        {
          "name": "RHSA-2006:0603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21304",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21304"
        },
        {
          "name": "SSA:2006-230-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-558"
        },
        {
          "name": "27832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27832"
        },
        {
          "name": "21346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21346"
        },
        {
          "name": "201331",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
        },
        {
          "name": "oval:org.mitre.oval:def:9910",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910"
        },
        {
          "name": "21319",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21319"
        },
        {
          "name": "21392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21392"
        },
        {
          "name": "21334",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21334"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "2006-0044",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://lwn.net/Alerts/194228/"
        },
        {
          "name": "103160",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-3461",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060801-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
            },
            {
              "name": "27725",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27725"
            },
            {
              "name": "APPLE-SA-2006-08-01",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
            },
            {
              "name": "ADV-2007-3486",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3486"
            },
            {
              "name": "21501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21501"
            },
            {
              "name": "19290",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19290"
            },
            {
              "name": "21537",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21537"
            },
            {
              "name": "21632",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21632"
            },
            {
              "name": "GLSA-200608-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
            },
            {
              "name": "21338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21338"
            },
            {
              "name": "USN-330-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-330-1"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
            },
            {
              "name": "ADV-2006-3101",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3101"
            },
            {
              "name": "1016628",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016628"
            },
            {
              "name": "21253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21253"
            },
            {
              "name": "DSA-1137",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1137"
            },
            {
              "name": "21370",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21370"
            },
            {
              "name": "1016671",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016671"
            },
            {
              "name": "21598",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21598"
            },
            {
              "name": "RHSA-2006:0648",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
            },
            {
              "name": "MDKSA-2006:137",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
            },
            {
              "name": "19289",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19289"
            },
            {
              "name": "27222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27222"
            },
            {
              "name": "ADV-2007-4034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4034"
            },
            {
              "name": "TA06-214A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
            },
            {
              "name": "SUSE-SA:2006:044",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
            },
            {
              "name": "21290",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21290"
            },
            {
              "name": "21274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21274"
            },
            {
              "name": "ADV-2006-3105",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3105"
            },
            {
              "name": "27181",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27181"
            },
            {
              "name": "RHSA-2006:0603",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "21304",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21304"
            },
            {
              "name": "SSA:2006-230-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.536600"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-558",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-558"
            },
            {
              "name": "27832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27832"
            },
            {
              "name": "21346",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21346"
            },
            {
              "name": "201331",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
            },
            {
              "name": "oval:org.mitre.oval:def:9910",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9910"
            },
            {
              "name": "21319",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21319"
            },
            {
              "name": "21392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21392"
            },
            {
              "name": "21334",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21334"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "2006-0044",
              "refsource": "TRUSTIX",
              "url": "http://lwn.net/Alerts/194228/"
            },
            {
              "name": "103160",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-3461",
    "datePublished": "2006-08-03T01:00:00",
    "dateReserved": "2006-07-10T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-17095
Vulnerability from cvelistv5
Published
2017-12-02 06:00
Modified
2024-08-05 20:43
Severity ?
Summary
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2750"
          },
          {
            "name": "43322",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43322/"
          },
          {
            "name": "DSA-4349",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4349"
          },
          {
            "name": "102124",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102124"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/11/30/3"
          },
          {
            "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
          },
          {
            "name": "GLSA-202003-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T16:06:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2750"
        },
        {
          "name": "43322",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43322/"
        },
        {
          "name": "DSA-4349",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4349"
        },
        {
          "name": "102124",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102124"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/11/30/3"
        },
        {
          "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
        },
        {
          "name": "GLSA-202003-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-25"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2750",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2750"
            },
            {
              "name": "43322",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43322/"
            },
            {
              "name": "DSA-4349",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4349"
            },
            {
              "name": "102124",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102124"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2017/11/30/3",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2017/11/30/3"
            },
            {
              "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
            },
            {
              "name": "GLSA-202003-25",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-25"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17095",
    "datePublished": "2017-12-02T06:00:00",
    "dateReserved": "2017-12-02T00:00:00",
    "dateUpdated": "2024-08-05T20:43:59.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9536
Vulnerability from cvelistv5
Published
2016-11-22 19:00
Modified
2024-08-06 02:50
Severity ?
Summary
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0225",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
          },
          {
            "name": "94484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94484"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "name": "94745",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94745"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka \"t2p_process_jpeg_strip heap-buffer-overflow.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2017:0225",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
        },
        {
          "name": "94484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94484"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "name": "94745",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94745"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9536",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka \"t2p_process_jpeg_strip heap-buffer-overflow.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0225",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0225.html"
            },
            {
              "name": "94484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94484"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "94745",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94745"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9536",
    "datePublished": "2016-11-22T19:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-3164
Vulnerability from cvelistv5
Published
2023-11-02 11:26
Modified
2024-10-11 17:04
Summary
Heap-buffer-overflow in extractimagesection()
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:08.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-3164"
          },
          {
            "name": "RHBZ#2213531",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213531"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/542"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3164",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-08T17:05:44.992035Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T17:04:00.410Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "libtiff",
          "vendor": "n/a"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "mingw-libtiff",
          "product": "Fedora",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Fedora",
          "vendor": "Fedora"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank haolaiwei187@gmail.com for reporting this issue."
        }
      ],
      "datePublic": "2023-04-03T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-08T11:23:19.581Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-3164"
        },
        {
          "name": "RHBZ#2213531",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213531"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/542"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-06-08T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-04-03T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Heap-buffer-overflow in extractimagesection()",
      "x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-3164",
    "datePublished": "2023-11-02T11:26:28.533Z",
    "dateReserved": "2023-06-08T13:31:04.848Z",
    "dateUpdated": "2024-10-11T17:04:00.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5315
Vulnerability from cvelistv5
Published
2017-03-07 15:00
Modified
2024-08-06 01:01
Severity ?
Summary
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
References
http://www.securityfocus.com/bid/91204vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2016/06/15/2mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=1346694x_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:01:00.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "91204",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91204"
          },
          {
            "name": "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/15/2"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346694"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-07T12:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "91204",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91204"
        },
        {
          "name": "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/15/2"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346694"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5315",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "91204",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91204"
            },
            {
              "name": "[oss-security] 20160615 CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/15/2"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346694",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346694"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5315",
    "datePublished": "2017-03-07T15:00:00",
    "dateReserved": "2016-06-06T00:00:00",
    "dateUpdated": "2024-08-06T01:01:00.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10092
Vulnerability from cvelistv5
Published
2017-03-01 15:00
Modified
2024-08-06 03:07
Severity ?
Summary
Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:32.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2620"
          },
          {
            "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2622"
          },
          {
            "name": "95218",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95218"
          },
          {
            "name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10092"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T16:30:56",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2620"
        },
        {
          "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2622"
        },
        {
          "name": "95218",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95218"
        },
        {
          "name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10092"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10092",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2620",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2620"
            },
            {
              "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2622",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2622"
            },
            {
              "name": "95218",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95218"
            },
            {
              "name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a"
            },
            {
              "name": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10092",
              "refsource": "MISC",
              "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10092"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10092",
    "datePublished": "2017-03-01T15:00:00",
    "dateReserved": "2017-01-01T00:00:00",
    "dateUpdated": "2024-08-06T03:07:32.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10094
Vulnerability from cvelistv5
Published
2017-03-01 15:00
Modified
2024-08-06 03:07
Severity ?
Summary
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:32.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
          },
          {
            "name": "95214",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95214"
          },
          {
            "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2640"
          },
          {
            "name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
        },
        {
          "name": "95214",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95214"
        },
        {
          "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2640"
        },
        {
          "name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10094",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
            },
            {
              "name": "95214",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95214"
            },
            {
              "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2640",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2640"
            },
            {
              "name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10094",
    "datePublished": "2017-03-01T15:00:00",
    "dateReserved": "2017-01-01T00:00:00",
    "dateUpdated": "2024-08-06T03:07:32.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7596
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
References
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashesx_refsource_MISC
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/97506vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:12.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
          },
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "97506",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
        },
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "97506",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97506"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7596",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
            },
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "97506",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97506"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7596",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:12.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1354
Vulnerability from cvelistv5
Published
2022-08-31 00:00
Modified
2024-08-03 00:03
Severity ?
Summary
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:03:06.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/319"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-1354"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221014-0007/"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Not-Known"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap buffer overflow flaw was found in Libtiffs\u0027 tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 - Out-of-bounds Read.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074404"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/319"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-1354"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221014-0007/"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1354",
    "datePublished": "2022-08-31T00:00:00",
    "dateReserved": "2022-04-14T00:00:00",
    "dateUpdated": "2024-08-03T00:03:06.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25433
Vulnerability from cvelistv5
Published
2023-06-29 00:00
Modified
2024-08-02 11:18
Severity ?
Summary
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:18:36.338Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/520"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/467"
          },
          {
            "name": "[debian-lts-announce] 20230731 [SECURITY] [DLA 3513-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-01T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/520"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/467"
        },
        {
          "name": "[debian-lts-announce] 20230731 [SECURITY] [DLA 3513-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-25433",
    "datePublished": "2023-06-29T00:00:00",
    "dateReserved": "2023-02-06T00:00:00",
    "dateUpdated": "2024-08-02T11:18:36.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-10126
Vulnerability from cvelistv5
Published
2018-04-21 21:00
Modified
2024-08-20 04:17
Severity ?
Summary
ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:32:01.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2786"
          },
          {
            "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-20T04:17:24.678828",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2786"
        },
        {
          "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/128"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10126",
    "datePublished": "2018-04-21T21:00:00",
    "dateReserved": "2018-04-16T00:00:00",
    "dateUpdated": "2024-08-20T04:17:24.678828",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25435
Vulnerability from cvelistv5
Published
2023-06-21 00:00
Modified
2024-08-02 11:18
Severity ?
Summary
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:18:36.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/518"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/518"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-25435",
    "datePublished": "2023-06-21T00:00:00",
    "dateReserved": "2023-02-06T00:00:00",
    "dateUpdated": "2024-08-02T11:18:36.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-9937
Vulnerability from cvelistv5
Published
2017-06-26 12:00
Modified
2024-08-05 17:24
Severity ?
Summary
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:24:59.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2707"
          },
          {
            "name": "99304",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99304"
          },
          {
            "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-25T16:06:28",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2707"
        },
        {
          "name": "99304",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99304"
        },
        {
          "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9937",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2707",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2707"
            },
            {
              "name": "99304",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99304"
            },
            {
              "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9937",
    "datePublished": "2017-06-26T12:00:00",
    "dateReserved": "2017-06-26T00:00:00",
    "dateUpdated": "2024-08-05T17:24:59.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-19210
Vulnerability from cvelistv5
Published
2018-11-12 19:00
Modified
2024-08-05 11:30
Severity ?
Summary
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:30:04.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105932",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105932"
          },
          {
            "name": "USN-3906-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-1/"
          },
          {
            "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2820"
          },
          {
            "name": "openSUSE-SU-2019:1161",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
          },
          {
            "name": "FEDORA-2019-fa3e40f00a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TX5UEYHGMTNEHJB4FHE7HCJ75UQDNKGB/"
          },
          {
            "name": "FEDORA-2019-70d89f8806",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF/"
          },
          {
            "name": "20191104 [slackware-security] libtiff (SSA:2019-308-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
          },
          {
            "name": "GLSA-202003-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-25"
          },
          {
            "name": "DSA-4670",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4670"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-30T12:06:18",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "105932",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105932"
        },
        {
          "name": "USN-3906-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-1/"
        },
        {
          "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2820"
        },
        {
          "name": "openSUSE-SU-2019:1161",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
        },
        {
          "name": "FEDORA-2019-fa3e40f00a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TX5UEYHGMTNEHJB4FHE7HCJ75UQDNKGB/"
        },
        {
          "name": "FEDORA-2019-70d89f8806",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF/"
        },
        {
          "name": "20191104 [slackware-security] libtiff (SSA:2019-308-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
        },
        {
          "name": "GLSA-202003-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-25"
        },
        {
          "name": "DSA-4670",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4670"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-19210",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105932",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105932"
            },
            {
              "name": "USN-3906-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-1/"
            },
            {
              "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2820",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2820"
            },
            {
              "name": "openSUSE-SU-2019:1161",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
            },
            {
              "name": "FEDORA-2019-fa3e40f00a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TX5UEYHGMTNEHJB4FHE7HCJ75UQDNKGB/"
            },
            {
              "name": "FEDORA-2019-70d89f8806",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6IL2QFKE6MGVUTOPU2UUWITTE36KRDF/"
            },
            {
              "name": "20191104 [slackware-security] libtiff (SSA:2019-308-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/5"
            },
            {
              "name": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
            },
            {
              "name": "GLSA-202003-25",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-25"
            },
            {
              "name": "DSA-4670",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4670"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-19210",
    "datePublished": "2018-11-12T19:00:00",
    "dateReserved": "2018-11-12T00:00:00",
    "dateUpdated": "2024-08-05T11:30:04.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5102
Vulnerability from cvelistv5
Published
2017-02-06 17:00
Modified
2024-08-06 00:53
Severity ?
Summary
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
References
http://www.securityfocus.com/bid/96049vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3606-1/vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2552x_refsource_CONFIRM
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=1343407x_refsource_CONFIRM
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:48.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96049",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96049"
          },
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2552"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343407"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "96049",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96049"
        },
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2552"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343407"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5102",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96049",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96049"
            },
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2552",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2552"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343407",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343407"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5102",
    "datePublished": "2017-02-06T17:00:00",
    "dateReserved": "2016-05-26T00:00:00",
    "dateUpdated": "2024-08-06T00:53:48.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5321
Vulnerability from cvelistv5
Published
2017-01-20 15:00
Modified
2024-08-06 01:01
Severity ?
Summary
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
References
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/91209vdb-entry, x_refsource_BID
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:01:00.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2016:3035",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "91209",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91209"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2016:3035",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "91209",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91209"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5321",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2016:3035",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "91209",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91209"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5321",
    "datePublished": "2017-01-20T15:00:00",
    "dateReserved": "2016-06-06T00:00:00",
    "dateUpdated": "2024-08-06T01:01:00.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-5360
Vulnerability from cvelistv5
Published
2018-01-14 02:00
Modified
2024-08-05 05:33
Severity ?
Summary
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/graphicsmagick/bugs/540/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-19T17:51:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/p/graphicsmagick/bugs/540/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/graphicsmagick/bugs/540/",
              "refsource": "MISC",
              "url": "https://sourceforge.net/p/graphicsmagick/bugs/540/"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2500",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5360",
    "datePublished": "2018-01-14T02:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9539
Vulnerability from cvelistv5
Published
2016-11-22 19:00
Modified
2024-08-06 02:50
Severity ?
Summary
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94484"
          },
          {
            "name": "94754",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-09T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94484"
        },
        {
          "name": "94754",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9539",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94484"
            },
            {
              "name": "94754",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94754"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9539",
    "datePublished": "2016-11-22T19:00:00",
    "dateReserved": "2016-11-21T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1622
Vulnerability from cvelistv5
Published
2022-05-11 00:00
Modified
2024-08-03 00:10
Summary
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.771Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/410"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220616-0005/"
          },
          {
            "name": "FEDORA-2022-ea3ebeff3d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/"
          },
          {
            "name": "FEDORA-2022-e9fe21d102",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213443"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213444"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213446"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213488"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213486"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213487"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/39"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "3079627ea0dee150e6a208cec8381de611bb842b"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-30T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/410"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220616-0005/"
        },
        {
          "name": "FEDORA-2022-ea3ebeff3d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXAFOP6QQRNZD3HPZ6BMCEZZOM4YIZMK/"
        },
        {
          "name": "FEDORA-2022-e9fe21d102",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/"
        },
        {
          "url": "https://support.apple.com/kb/HT213443"
        },
        {
          "url": "https://support.apple.com/kb/HT213444"
        },
        {
          "url": "https://support.apple.com/kb/HT213446"
        },
        {
          "url": "https://support.apple.com/kb/HT213488"
        },
        {
          "url": "https://support.apple.com/kb/HT213486"
        },
        {
          "url": "https://support.apple.com/kb/HT213487"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/39"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-1622",
    "datePublished": "2022-05-11T00:00:00",
    "dateReserved": "2022-05-09T00:00:00",
    "dateUpdated": "2024-08-03T00:10:03.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10267
Vulnerability from cvelistv5
Published
2017-03-24 19:00
Modified
2024-08-06 03:14
Severity ?
Summary
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:14:42.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "97117",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97117"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "97117",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97117"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10267",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "97117",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97117"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec",
              "refsource": "MISC",
              "url": "https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10267",
    "datePublished": "2017-03-24T19:00:00",
    "dateReserved": "2017-03-24T00:00:00",
    "dateUpdated": "2024-08-06T03:14:42.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7592
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
References
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
http://bugzilla.maptools.org/show_bug.cgi?id=2658x_refsource_MISC
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/97510vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2658"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "97510",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97510"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2658"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "97510",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97510"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2658",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2658"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "97510",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97510"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7592",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-2521
Vulnerability from cvelistv5
Published
2022-08-31 00:00
Modified
2024-08-03 00:39
Severity ?
Summary
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:39:08.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/422"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.4.0rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-30T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/422"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/378"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2521",
    "datePublished": "2022-08-31T00:00:00",
    "dateReserved": "2022-07-22T00:00:00",
    "dateUpdated": "2024-08-03T00:39:08.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5314
Vulnerability from cvelistv5
Published
2018-03-12 02:00
Modified
2024-08-06 01:00
Severity ?
Summary
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:58.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3762"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "openSUSE-SU-2016:3035",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
          },
          {
            "name": "91195",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91195"
          },
          {
            "name": "openSUSE-SU-2016:2321",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"
          },
          {
            "name": "[oss-security] 20160615 CVE-2016-5314: libtiff 4.0.6 PixarLogDecode() out-of-bound writes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/15/1"
          },
          {
            "name": "91245",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91245"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346687"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "openSUSE-SU-2016:1889",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"
          },
          {
            "name": "openSUSE-SU-2016:2375",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"
          },
          {
            "name": "[oss-security] 20160615 CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/15/9"
          },
          {
            "name": "[oss-security] 20160630 Re: Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/30/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2554"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-12T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3762"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "openSUSE-SU-2016:3035",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
        },
        {
          "name": "91195",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91195"
        },
        {
          "name": "openSUSE-SU-2016:2321",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"
        },
        {
          "name": "[oss-security] 20160615 CVE-2016-5314: libtiff 4.0.6 PixarLogDecode() out-of-bound writes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/15/1"
        },
        {
          "name": "91245",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91245"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346687"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "openSUSE-SU-2016:1889",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"
        },
        {
          "name": "openSUSE-SU-2016:2375",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"
        },
        {
          "name": "[oss-security] 20160615 CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/15/9"
        },
        {
          "name": "[oss-security] 20160630 Re: Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/30/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2554"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5314",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3762"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "openSUSE-SU-2016:3035",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
            },
            {
              "name": "91195",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91195"
            },
            {
              "name": "openSUSE-SU-2016:2321",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html"
            },
            {
              "name": "[oss-security] 20160615 CVE-2016-5314: libtiff 4.0.6 PixarLogDecode() out-of-bound writes",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/15/1"
            },
            {
              "name": "91245",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91245"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346687",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346687"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2",
              "refsource": "CONFIRM",
              "url": "https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "openSUSE-SU-2016:1889",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"
            },
            {
              "name": "openSUSE-SU-2016:2375",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html"
            },
            {
              "name": "[oss-security] 20160615 CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/15/9"
            },
            {
              "name": "[oss-security] 20160630 Re: Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/30/3"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2554",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2554"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5314",
    "datePublished": "2018-03-12T02:00:00",
    "dateReserved": "2016-06-06T00:00:00",
    "dateUpdated": "2024-08-06T01:00:58.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2065
Vulnerability from cvelistv5
Published
2010-06-23 18:00
Modified
2024-08-07 02:17
Severity ?
Summary
Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:14.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40181"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010"
          },
          {
            "name": "[oss-security] 20100623 CVE requests: LibTIFF",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
          },
          {
            "name": "ADV-2010-1638",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1638"
          },
          {
            "name": "SSA:2010-180-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.596424"
          },
          {
            "name": "ADV-2011-0621",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0621"
          },
          {
            "name": "USN-954-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-954-1"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "ADV-2011-0204",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0204"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.remotesensing.org/libtiff/v3.9.3.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=601274"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565"
          },
          {
            "name": "MDVSA-2011:043",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:043"
          },
          {
            "name": "40381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40381"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-08T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "40181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40181"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010"
        },
        {
          "name": "[oss-security] 20100623 CVE requests: LibTIFF",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
        },
        {
          "name": "ADV-2010-1638",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1638"
        },
        {
          "name": "SSA:2010-180-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.596424"
        },
        {
          "name": "ADV-2011-0621",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0621"
        },
        {
          "name": "USN-954-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-954-1"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "ADV-2011-0204",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0204"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.remotesensing.org/libtiff/v3.9.3.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=601274"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565"
        },
        {
          "name": "MDVSA-2011:043",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:043"
        },
        {
          "name": "40381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40381"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2065",
    "datePublished": "2010-06-23T18:00:00",
    "dateReserved": "2010-05-25T00:00:00",
    "dateUpdated": "2024-08-07T02:17:14.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3186
Vulnerability from cvelistv5
Published
2016-04-19 14:00
Modified
2024-08-05 23:47
Severity ?
Summary
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1319503x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-04/msg00064.htmlvendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/3606-1/vendor-advisory, x_refsource_UBUNTU
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id/1035442vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-updates/2016-04/msg00075.htmlvendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:2053vendor-advisory, x_refsource_REDHAT
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:58.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319503"
          },
          {
            "name": "openSUSE-SU-2016:1081",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00064.html"
          },
          {
            "name": "USN-3606-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3606-1/"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "1035442",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035442"
          },
          {
            "name": "openSUSE-SU-2016:1103",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00075.html"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-06T16:06:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319503"
        },
        {
          "name": "openSUSE-SU-2016:1081",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00064.html"
        },
        {
          "name": "USN-3606-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3606-1/"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "1035442",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035442"
        },
        {
          "name": "openSUSE-SU-2016:1103",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00075.html"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3186",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1319503",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319503"
            },
            {
              "name": "openSUSE-SU-2016:1081",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00064.html"
            },
            {
              "name": "USN-3606-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3606-1/"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "1035442",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035442"
            },
            {
              "name": "openSUSE-SU-2016:1103",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00075.html"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3186",
    "datePublished": "2016-04-19T14:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:58.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-9936
Vulnerability from cvelistv5
Published
2017-06-26 12:00
Modified
2024-08-05 17:24
Severity ?
Summary
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
References
http://www.securityfocus.com/bid/99300vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
https://www.exploit-db.com/exploits/42300/exploit, x_refsource_EXPLOIT-DB
http://bugzilla.maptools.org/show_bug.cgi?id=2706x_refsource_MISC
http://www.debian.org/security/2017/dsa-3903vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:24:59.743Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99300",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99300"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "42300",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42300/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2706"
          },
          {
            "name": "DSA-3903",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "99300",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99300"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "42300",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42300/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2706"
        },
        {
          "name": "DSA-3903",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3903"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9936",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99300",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99300"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "42300",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42300/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2706",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2706"
            },
            {
              "name": "DSA-3903",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3903"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9936",
    "datePublished": "2017-06-26T12:00:00",
    "dateReserved": "2017-06-26T00:00:00",
    "dateUpdated": "2024-08-05T17:24:59.743Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-7663
Vulnerability from cvelistv5
Published
2019-02-09 16:00
Modified
2024-08-04 20:54
Severity ?
Summary
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:54:28.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2833"
          },
          {
            "name": "USN-3906-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-1/"
          },
          {
            "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
          },
          {
            "name": "USN-3906-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-2/"
          },
          {
            "name": "openSUSE-SU-2019:1161",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39"
          },
          {
            "name": "GLSA-202003-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-25"
          },
          {
            "name": "DSA-4670",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4670"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-30T12:06:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2833"
        },
        {
          "name": "USN-3906-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-1/"
        },
        {
          "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
        },
        {
          "name": "USN-3906-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-2/"
        },
        {
          "name": "openSUSE-SU-2019:1161",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39"
        },
        {
          "name": "GLSA-202003-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-25"
        },
        {
          "name": "DSA-4670",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4670"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-7663",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2833",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2833"
            },
            {
              "name": "USN-3906-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-1/"
            },
            {
              "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
            },
            {
              "name": "USN-3906-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-2/"
            },
            {
              "name": "openSUSE-SU-2019:1161",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39"
            },
            {
              "name": "GLSA-202003-25",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-25"
            },
            {
              "name": "DSA-4670",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4670"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-7663",
    "datePublished": "2019-02-09T16:00:00",
    "dateReserved": "2019-02-09T00:00:00",
    "dateUpdated": "2024-08-04T20:54:28.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10095
Vulnerability from cvelistv5
Published
2017-03-01 15:00
Modified
2024-08-06 03:07
Severity ?
Summary
Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:32.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95178"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2625"
          },
          {
            "name": "[oss-security] 20170101 libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/01/01/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/"
          },
          {
            "name": "[oss-security] 20170101 Re: libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/01/01/11"
          },
          {
            "name": "DSA-3903",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-29T19:38:54",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "95178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95178"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2625"
        },
        {
          "name": "[oss-security] 20170101 libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/01/01/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/"
        },
        {
          "name": "[oss-security] 20170101 Re: libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/01/01/11"
        },
        {
          "name": "DSA-3903",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3903"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95178"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2625",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2625"
            },
            {
              "name": "[oss-security] 20170101 libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/01/01/7"
            },
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/"
            },
            {
              "name": "[oss-security] 20170101 Re: libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/01/01/11"
            },
            {
              "name": "DSA-3903",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3903"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10095",
    "datePublished": "2017-03-01T15:00:00",
    "dateReserved": "2017-01-01T00:00:00",
    "dateUpdated": "2024-08-06T03:07:32.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-48281
Vulnerability from cvelistv5
Published
2023-01-23 00:00
Modified
2024-08-03 15:10
Severity ?
Summary
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:10:59.710Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/488"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5"
          },
          {
            "name": "DSA-5333",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5333"
          },
          {
            "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3297-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230302-0004/"
          },
          {
            "name": "GLSA-202305-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/488"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5"
        },
        {
          "name": "DSA-5333",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5333"
        },
        {
          "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3297-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230302-0004/"
        },
        {
          "name": "GLSA-202305-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-31"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-48281",
    "datePublished": "2023-01-23T00:00:00",
    "dateReserved": "2023-01-23T00:00:00",
    "dateUpdated": "2024-08-03T15:10:59.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35523
Vulnerability from cvelistv5
Published
2021-03-09 19:17
Modified
2024-08-04 17:02
Severity ?
Summary
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Impacted products
n/alibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
          },
          {
            "name": "DSA-4869",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4869"
          },
          {
            "name": "FEDORA-2021-1bf4f2f13a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
          },
          {
            "name": "GLSA-202104-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
          },
          {
            "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libtiff 4.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-28T01:06:13",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
        },
        {
          "name": "DSA-4869",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4869"
        },
        {
          "name": "FEDORA-2021-1bf4f2f13a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
        },
        {
          "name": "GLSA-202104-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
        },
        {
          "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35523",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libtiff",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "libtiff 4.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2",
              "refsource": "MISC",
              "url": "https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160",
              "refsource": "MISC",
              "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/160"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932040"
            },
            {
              "name": "DSA-4869",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4869"
            },
            {
              "name": "FEDORA-2021-1bf4f2f13a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/"
            },
            {
              "name": "GLSA-202104-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-06"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210521-0009/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210521-0009/"
            },
            {
              "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-35523",
    "datePublished": "2021-03-09T19:17:24",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9273
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 02:42
Severity ?
Summary
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.
References
http://www.openwall.com/lists/oss-security/2016/11/09/20mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/11/11/6mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/94271vdb-entry, x_refsource_BID
http://bugzilla.maptools.org/show_bug.cgi?id=2587x_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3762vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:11.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20161109 CVE Request: libtiff: heap buffer overflow/read outside of array",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/09/20"
          },
          {
            "name": "[oss-security] 20161111 Re: CVE Request: libtiff: heap buffer overflow/read outside of array",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/11/6"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "94271",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94271"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2587"
          },
          {
            "name": "DSA-3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20161109 CVE Request: libtiff: heap buffer overflow/read outside of array",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/09/20"
        },
        {
          "name": "[oss-security] 20161111 Re: CVE Request: libtiff: heap buffer overflow/read outside of array",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/11/6"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "94271",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94271"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2587"
        },
        {
          "name": "DSA-3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20161109 CVE Request: libtiff: heap buffer overflow/read outside of array",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/09/20"
            },
            {
              "name": "[oss-security] 20161111 Re: CVE Request: libtiff: heap buffer overflow/read outside of array",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/11/6"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "94271",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94271"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2587",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2587"
            },
            {
              "name": "DSA-3762",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9273",
    "datePublished": "2017-01-18T17:00:00",
    "dateReserved": "2016-11-11T00:00:00",
    "dateUpdated": "2024-08-06T02:42:11.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0562
Vulnerability from cvelistv5
Published
2022-02-11 00:00
Modified
2024-08-02 23:32
Summary
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/362"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json"
          },
          {
            "name": "FEDORA-2022-df1df6debd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/"
          },
          {
            "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2932-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220318-0001/"
          },
          {
            "name": "DSA-5108",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5108"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=4.0, \u003c=4.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "shahchintanh@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Null pointer dereference in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/362"
        },
        {
          "url": "https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json"
        },
        {
          "name": "FEDORA-2022-df1df6debd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/"
        },
        {
          "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2932-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220318-0001/"
        },
        {
          "name": "DSA-5108",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5108"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-0562",
    "datePublished": "2022-02-11T00:00:00",
    "dateReserved": "2022-02-10T00:00:00",
    "dateUpdated": "2024-08-02T23:32:46.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3631
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.
References
http://www.securitytracker.com/id/1035508vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2016/04/08/10mailing-list, x_refsource_MLIST
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035508",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035508"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "[oss-security] 20160408 CVE-2016-3631 - libtiff 4.0.6 illegel read",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/08/10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-02T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1035508",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035508"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "[oss-security] 20160408 CVE-2016-3631 - libtiff 4.0.6 illegel read",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/08/10"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3631",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035508",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035508"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "[oss-security] 20160408 CVE-2016-3631 - libtiff 4.0.6 illegel read",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/08/10"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3631",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-22T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3620
Vulnerability from cvelistv5
Published
2016-10-03 16:00
Modified
2024-08-06 00:03
Severity ?
Summary
The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
References
http://www.securitytracker.com/id/1035508vdb-entry, x_refsource_SECTRACK
http://bugzilla.maptools.org/show_bug.cgi?id=2570x_refsource_MISC
https://security.gentoo.org/glsa/201701-16vendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2016/04/07/2mailing-list, x_refsource_MLIST
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035508",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035508"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2570"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "[oss-security] 20160407 CVE-2016-3620 libtiff: Out-of-bounds Read in the bmp2tiff tool",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/04/07/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c zip\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-02T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1035508",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035508"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2570"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "[oss-security] 20160407 CVE-2016-3620 libtiff: Out-of-bounds Read in the bmp2tiff tool",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/04/07/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c zip\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035508",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035508"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2570",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2570"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "[oss-security] 20160407 CVE-2016-3620 libtiff: Out-of-bounds Read in the bmp2tiff tool",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/04/07/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3620",
    "datePublished": "2016-10-03T16:00:00",
    "dateReserved": "2016-03-21T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2025
Vulnerability from cvelistv5
Published
2006-04-25 23:00
Modified
2024-08-07 17:35
Severity ?
Summary
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
References
http://www.vupen.com/english/advisories/2006/1563vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/20210third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19949third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/26134vdb-entry, x_refsource_XF
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1vendor-advisory, x_refsource_SUNALERT
https://usn.ubuntu.com/277-1/vendor-advisory, x_refsource_UBUNTU
http://www.gentoo.org/security/en/glsa/glsa-200605-17.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/20667third-party-advisory, x_refsource_SECUNIA
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102x_refsource_MISC
http://secunia.com/advisories/19936third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19964third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1vendor-advisory, x_refsource_SUNALERT
http://www.trustix.org/errata/2006/0024vendor-advisory, x_refsource_TRUSTIX
http://secunia.com/advisories/20345third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1054vendor-advisory, x_refsource_DEBIAN
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.ascvendor-advisory, x_refsource_SGI
http://www.securityfocus.com/bid/17732vdb-entry, x_refsource_BID
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htmx_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2006-0425.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/19838third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/20021third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/19897third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20023third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_04_28.htmlvendor-advisory, x_refsource_SUSE
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:35:31.264Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-1563",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1563"
          },
          {
            "name": "20210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20210"
          },
          {
            "name": "19949",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19949"
          },
          {
            "name": "libtiff-tifffetchdata-overflow(26134)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26134"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
          },
          {
            "name": "103099",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
          },
          {
            "name": "USN-277-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/277-1/"
          },
          {
            "name": "GLSA-200605-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
          },
          {
            "name": "20667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20667"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
          },
          {
            "name": "19936",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19936"
          },
          {
            "name": "19964",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19964"
          },
          {
            "name": "201332",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
          },
          {
            "name": "2006-0024",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0024"
          },
          {
            "name": "20345",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20345"
          },
          {
            "name": "DSA-1054",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1054"
          },
          {
            "name": "20060501-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
          },
          {
            "name": "17732",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17732"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
          },
          {
            "name": "RHSA-2006:0425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
          },
          {
            "name": "19838",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19838"
          },
          {
            "name": "oval:org.mitre.oval:def:10593",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593"
          },
          {
            "name": "20021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20021"
          },
          {
            "name": "MDKSA-2006:082",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
          },
          {
            "name": "19897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19897"
          },
          {
            "name": "20023",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20023"
          },
          {
            "name": "SUSE-SR:2006:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-1563",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1563"
        },
        {
          "name": "20210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20210"
        },
        {
          "name": "19949",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19949"
        },
        {
          "name": "libtiff-tifffetchdata-overflow(26134)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26134"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
        },
        {
          "name": "103099",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
        },
        {
          "name": "USN-277-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/277-1/"
        },
        {
          "name": "GLSA-200605-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
        },
        {
          "name": "20667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20667"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
        },
        {
          "name": "19936",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19936"
        },
        {
          "name": "19964",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19964"
        },
        {
          "name": "201332",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
        },
        {
          "name": "2006-0024",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0024"
        },
        {
          "name": "20345",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20345"
        },
        {
          "name": "DSA-1054",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1054"
        },
        {
          "name": "20060501-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
        },
        {
          "name": "17732",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17732"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
        },
        {
          "name": "RHSA-2006:0425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
        },
        {
          "name": "19838",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19838"
        },
        {
          "name": "oval:org.mitre.oval:def:10593",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593"
        },
        {
          "name": "20021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20021"
        },
        {
          "name": "MDKSA-2006:082",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
        },
        {
          "name": "19897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19897"
        },
        {
          "name": "20023",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20023"
        },
        {
          "name": "SUSE-SR:2006:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2025",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-1563",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1563"
            },
            {
              "name": "20210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20210"
            },
            {
              "name": "19949",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19949"
            },
            {
              "name": "libtiff-tifffetchdata-overflow(26134)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26134"
            },
            {
              "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
            },
            {
              "name": "103099",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
            },
            {
              "name": "USN-277-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/277-1/"
            },
            {
              "name": "GLSA-200605-17",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
            },
            {
              "name": "20667",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20667"
            },
            {
              "name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102",
              "refsource": "MISC",
              "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
            },
            {
              "name": "19936",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19936"
            },
            {
              "name": "19964",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19964"
            },
            {
              "name": "201332",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
            },
            {
              "name": "2006-0024",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2006/0024"
            },
            {
              "name": "20345",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20345"
            },
            {
              "name": "DSA-1054",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1054"
            },
            {
              "name": "20060501-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
            },
            {
              "name": "17732",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17732"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
            },
            {
              "name": "RHSA-2006:0425",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
            },
            {
              "name": "19838",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19838"
            },
            {
              "name": "oval:org.mitre.oval:def:10593",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593"
            },
            {
              "name": "20021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20021"
            },
            {
              "name": "MDKSA-2006:082",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
            },
            {
              "name": "19897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19897"
            },
            {
              "name": "20023",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20023"
            },
            {
              "name": "SUSE-SR:2006:009",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2025",
    "datePublished": "2006-04-25T23:00:00",
    "dateReserved": "2006-04-25T00:00:00",
    "dateUpdated": "2024-08-07T17:35:31.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-10688
Vulnerability from cvelistv5
Published
2017-06-29 23:00
Modified
2024-08-05 17:41
Severity ?
Summary
In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.
References
http://www.securityfocus.com/bid/99359vdb-entry, x_refsource_BID
https://www.exploit-db.com/exploits/42299/exploit, x_refsource_EXPLOIT-DB
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2712x_refsource_MISC
http://www.debian.org/security/2017/dsa-3903vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99359",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99359"
          },
          {
            "name": "42299",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42299/"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2712"
          },
          {
            "name": "DSA-3903",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "99359",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99359"
        },
        {
          "name": "42299",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42299/"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2712"
        },
        {
          "name": "DSA-3903",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3903"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99359",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99359"
            },
            {
              "name": "42299",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42299/"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2712",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2712"
            },
            {
              "name": "DSA-3903",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3903"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10688",
    "datePublished": "2017-06-29T23:00:00",
    "dateReserved": "2017-06-29T00:00:00",
    "dateUpdated": "2024-08-05T17:41:55.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7599
Vulnerability from cvelistv5
Published
2017-04-09 14:00
Modified
2024-08-05 16:04
Severity ?
Summary
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
References
https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashesx_refsource_MISC
http://www.debian.org/security/2017/dsa-3844vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/97505vdb-entry, x_refsource_BID
http://www.securityfocus.com/bid/97508vdb-entry, x_refsource_BID
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:12.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
          },
          {
            "name": "DSA-3844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3844"
          },
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "name": "97505",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97505"
          },
          {
            "name": "97508",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97508"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.7 has an \"outside the range of representable values of type short\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
        },
        {
          "name": "DSA-3844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3844"
        },
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "name": "97505",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97505"
        },
        {
          "name": "97508",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97508"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7599",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.7 has an \"outside the range of representable values of type short\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
            },
            {
              "name": "DSA-3844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3844"
            },
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "97505",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97505"
            },
            {
              "name": "97508",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97508"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7599",
    "datePublished": "2017-04-09T14:00:00",
    "dateReserved": "2017-04-09T00:00:00",
    "dateUpdated": "2024-08-05T16:04:12.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-9404
Vulnerability from cvelistv5
Published
2017-06-02 19:00
Modified
2024-08-05 17:02
Severity ?
Summary
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
References
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2688x_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3903vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:02:44.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2688"
          },
          {
            "name": "DSA-3903",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2688"
        },
        {
          "name": "DSA-3903",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3903"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9404",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2688",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2688"
            },
            {
              "name": "DSA-3903",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3903"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9404",
    "datePublished": "2017-06-02T19:00:00",
    "dateReserved": "2017-06-02T00:00:00",
    "dateUpdated": "2024-08-05T17:02:44.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-17100
Vulnerability from cvelistv5
Published
2018-09-16 21:00
Modified
2024-08-05 10:39
Severity ?
Summary
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:39:59.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3864-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3864-1/"
          },
          {
            "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2810"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e"
          },
          {
            "name": "USN-3906-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-2/"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          },
          {
            "name": "DSA-4670",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4670"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-30T12:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3864-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3864-1/"
        },
        {
          "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2810"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e"
        },
        {
          "name": "USN-3906-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-2/"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        },
        {
          "name": "DSA-4670",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4670"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-17100",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3864-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3864-1/"
            },
            {
              "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2810",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2810"
            },
            {
              "name": "https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e",
              "refsource": "MISC",
              "url": "https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e"
            },
            {
              "name": "USN-3906-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-2/"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            },
            {
              "name": "DSA-4670",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4670"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-17100",
    "datePublished": "2018-09-16T21:00:00",
    "dateReserved": "2018-09-16T00:00:00",
    "dateUpdated": "2024-08-05T10:39:59.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1056
Vulnerability from cvelistv5
Published
2022-03-28 00:00
Modified
2024-08-02 23:47
Summary
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
Impacted products
libtifflibtiff
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:43.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/issues/391"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/307"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json"
          },
          {
            "name": "GLSA-202210-10",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221228-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libtiff",
          "vendor": "libtiff",
          "versions": [
            {
              "status": "affected",
              "version": "=4.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wangdw.augustus@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read in libtiff",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-28T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/issues/391"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/307"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json"
        },
        {
          "name": "GLSA-202210-10",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-10"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221228-0008/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-1056",
    "datePublished": "2022-03-28T00:00:00",
    "dateReserved": "2022-03-23T00:00:00",
    "dateUpdated": "2024-08-02T23:47:43.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1547
Vulnerability from cvelistv5
Published
2016-04-13 17:00
Modified
2024-08-06 04:47
Severity ?
Summary
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:47:16.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "73438",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73438"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "[oss-security] 20150207 Re: Multiple vulnerabilities in LibTIFF and associated tools",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/02/07/5"
          },
          {
            "name": "DSA-3467",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3467"
          },
          {
            "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/01/24/16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "73438",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73438"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "[oss-security] 20150207 Re: Multiple vulnerabilities in LibTIFF and associated tools",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/02/07/5"
        },
        {
          "name": "DSA-3467",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3467"
        },
        {
          "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/01/24/16"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "73438",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73438"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "[oss-security] 20150207 Re: Multiple vulnerabilities in LibTIFF and associated tools",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2015/02/07/5"
            },
            {
              "name": "DSA-3467",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3467"
            },
            {
              "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2015/01/24/16"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1547",
    "datePublished": "2016-04-13T17:00:00",
    "dateReserved": "2015-02-07T00:00:00",
    "dateUpdated": "2024-08-06T04:47:16.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-9403
Vulnerability from cvelistv5
Published
2017-06-02 19:00
Modified
2024-08-05 17:02
Severity ?
Summary
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
References
https://security.gentoo.org/glsa/201709-27vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3602-1/vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2689x_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3903vendor-advisory, x_refsource_DEBIAN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:02:44.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201709-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-27"
          },
          {
            "name": "USN-3602-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3602-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2689"
          },
          {
            "name": "DSA-3903",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-21T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201709-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-27"
        },
        {
          "name": "USN-3602-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3602-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2689"
        },
        {
          "name": "DSA-3903",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3903"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9403",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201709-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-27"
            },
            {
              "name": "USN-3602-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3602-1/"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2689",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2689"
            },
            {
              "name": "DSA-3903",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3903"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9403",
    "datePublished": "2017-06-02T19:00:00",
    "dateReserved": "2017-06-02T00:00:00",
    "dateUpdated": "2024-08-05T17:02:44.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0929
Vulnerability from cvelistv5
Published
2004-10-26 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:48.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20041022 Novell SuSe Linux LibTIFF Heap Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/application/poi/display?id=154\u0026type=vulnerabilities"
          },
          {
            "name": "SUSE-SA:2004:038",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
          },
          {
            "name": "libtiff-ojpegvsetfield-bo(17843)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17843"
          },
          {
            "name": "VU#129910",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/129910"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20041022 Novell SuSe Linux LibTIFF Heap Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.idefense.com/application/poi/display?id=154\u0026type=vulnerabilities"
        },
        {
          "name": "SUSE-SA:2004:038",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
        },
        {
          "name": "libtiff-ojpegvsetfield-bo(17843)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17843"
        },
        {
          "name": "VU#129910",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/129910"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0929",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20041022 Novell SuSe Linux LibTIFF Heap Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://www.idefense.com/application/poi/display?id=154\u0026type=vulnerabilities"
            },
            {
              "name": "SUSE-SA:2004:038",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
            },
            {
              "name": "libtiff-ojpegvsetfield-bo(17843)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17843"
            },
            {
              "name": "VU#129910",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/129910"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0929",
    "datePublished": "2004-10-26T04:00:00",
    "dateReserved": "2004-10-04T00:00:00",
    "dateUpdated": "2024-08-08T00:31:48.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-1173
Vulnerability from cvelistv5
Published
2012-06-04 20:00
Modified
2024-08-06 18:53
Severity ?
Summary
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.htmlvendor-advisory, x_refsource_FEDORA
http://bugzilla.maptools.org/attachment.cgi?id=477&action=diffx_refsource_MISC
https://hermes.opensuse.org/messages/14302713vendor-advisory, x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.htmlvendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/48722third-party-advisory, x_refsource_SECUNIA
http://support.apple.com/kb/HT5503x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.htmlvendor-advisory, x_refsource_FEDORA
http://www.osvdb.org/81025vdb-entry, x_refsource_OSVDB
http://rhn.redhat.com/errata/RHSA-2012-0468.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/48893third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1026895vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/74656vdb-entry, x_refsource_XF
http://secunia.com/advisories/48757third-party-advisory, x_refsource_SECUNIA
http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txtx_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.htmlvendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/52891vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-201209-02.xmlvendor-advisory, x_refsource_GENTOO
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.htmlvendor-advisory, x_refsource_APPLE
http://www.mandriva.com/security/advisories?name=MDVSA-2012:054vendor-advisory, x_refsource_MANDRIVA
http://support.apple.com/kb/HT5501x_refsource_CONFIRM
http://ubuntu.com/usn/usn-1416-1vendor-advisory, x_refsource_UBUNTU
http://bugzilla.maptools.org/show_bug.cgi?id=2369x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2447vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/48735third-party-advisory, x_refsource_SECUNIA
https://downloads.avaya.com/css/P8/documents/100161772x_refsource_CONFIRM
http://secunia.com/advisories/48684third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/50726third-party-advisory, x_refsource_SECUNIA
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:53:35.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2012-5410",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/attachment.cgi?id=477\u0026action=diff"
          },
          {
            "name": "openSUSE-SU-2012:0539",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/14302713"
          },
          {
            "name": "APPLE-SA-2012-09-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
          },
          {
            "name": "48722",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5503"
          },
          {
            "name": "FEDORA-2012-5463",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html"
          },
          {
            "name": "81025",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/81025"
          },
          {
            "name": "RHSA-2012:0468",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0468.html"
          },
          {
            "name": "48893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48893"
          },
          {
            "name": "1026895",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026895"
          },
          {
            "name": "libtiff-gttileseparate-bo(74656)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74656"
          },
          {
            "name": "48757",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48757"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt"
          },
          {
            "name": "FEDORA-2012-5406",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html"
          },
          {
            "name": "52891",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52891"
          },
          {
            "name": "GLSA-201209-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
          },
          {
            "name": "APPLE-SA-2012-09-19-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
          },
          {
            "name": "MDVSA-2012:054",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:054"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5501"
          },
          {
            "name": "USN-1416-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1416-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2369"
          },
          {
            "name": "DSA-2447",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2447"
          },
          {
            "name": "48735",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48735"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://downloads.avaya.com/css/P8/documents/100161772"
          },
          {
            "name": "48684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48684"
          },
          {
            "name": "50726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2012-5410",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/attachment.cgi?id=477\u0026action=diff"
        },
        {
          "name": "openSUSE-SU-2012:0539",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/14302713"
        },
        {
          "name": "APPLE-SA-2012-09-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
        },
        {
          "name": "48722",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5503"
        },
        {
          "name": "FEDORA-2012-5463",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077463.html"
        },
        {
          "name": "81025",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/81025"
        },
        {
          "name": "RHSA-2012:0468",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0468.html"
        },
        {
          "name": "48893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48893"
        },
        {
          "name": "1026895",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026895"
        },
        {
          "name": "libtiff-gttileseparate-bo(74656)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74656"
        },
        {
          "name": "48757",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48757"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt"
        },
        {
          "name": "FEDORA-2012-5406",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078403.html"
        },
        {
          "name": "52891",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52891"
        },
        {
          "name": "GLSA-201209-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
        },
        {
          "name": "APPLE-SA-2012-09-19-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
        },
        {
          "name": "MDVSA-2012:054",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:054"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5501"
        },
        {
          "name": "USN-1416-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1416-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2369"
        },
        {
          "name": "DSA-2447",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2447"
        },
        {
          "name": "48735",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48735"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://downloads.avaya.com/css/P8/documents/100161772"
        },
        {
          "name": "48684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48684"
        },
        {
          "name": "50726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50726"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1173",
    "datePublished": "2012-06-04T20:00:00",
    "dateReserved": "2012-02-14T00:00:00",
    "dateUpdated": "2024-08-06T18:53:35.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-14973
Vulnerability from cvelistv5
Published
2019-08-14 05:15
Modified
2024-08-05 00:34
Severity ?
Summary
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:53.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/merge_requests/90"
          },
          {
            "name": "[debian-lts-announce] 20190825 [SECURITY] [DLA 1897-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00031.html"
          },
          {
            "name": "20191104 [slackware-security] libtiff (SSA:2019-308-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
          },
          {
            "name": "FEDORA-2019-6eeff0f801",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADNPG7JJTRRK22GUVTAFH3GJ6WGKUZJB/"
          },
          {
            "name": "FEDORA-2019-e45019c690",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63BVT6N5KQPHWOWM4B3I7Z3ODBXUVNPS/"
          },
          {
            "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/32"
          },
          {
            "name": "DSA-4608",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4608"
          },
          {
            "name": "DSA-4670",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4670"
          },
          {
            "name": "openSUSE-SU-2020:1561",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00102.html"
          },
          {
            "name": "openSUSE-SU-2020:1840",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-06T00:06:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/merge_requests/90"
        },
        {
          "name": "[debian-lts-announce] 20190825 [SECURITY] [DLA 1897-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00031.html"
        },
        {
          "name": "20191104 [slackware-security] libtiff (SSA:2019-308-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
        },
        {
          "name": "FEDORA-2019-6eeff0f801",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADNPG7JJTRRK22GUVTAFH3GJ6WGKUZJB/"
        },
        {
          "name": "FEDORA-2019-e45019c690",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63BVT6N5KQPHWOWM4B3I7Z3ODBXUVNPS/"
        },
        {
          "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/32"
        },
        {
          "name": "DSA-4608",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4608"
        },
        {
          "name": "DSA-4670",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4670"
        },
        {
          "name": "openSUSE-SU-2020:1561",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00102.html"
        },
        {
          "name": "openSUSE-SU-2020:1840",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00023.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14973",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/libtiff/libtiff/merge_requests/90",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/libtiff/libtiff/merge_requests/90"
            },
            {
              "name": "[debian-lts-announce] 20190825 [SECURITY] [DLA 1897-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00031.html"
            },
            {
              "name": "20191104 [slackware-security] libtiff (SSA:2019-308-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/5"
            },
            {
              "name": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html"
            },
            {
              "name": "FEDORA-2019-6eeff0f801",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADNPG7JJTRRK22GUVTAFH3GJ6WGKUZJB/"
            },
            {
              "name": "FEDORA-2019-e45019c690",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63BVT6N5KQPHWOWM4B3I7Z3ODBXUVNPS/"
            },
            {
              "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/32"
            },
            {
              "name": "DSA-4608",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4608"
            },
            {
              "name": "DSA-4670",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4670"
            },
            {
              "name": "openSUSE-SU-2020:1561",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00102.html"
            },
            {
              "name": "openSUSE-SU-2020:1840",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00023.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14973",
    "datePublished": "2019-08-14T05:15:29",
    "dateReserved": "2019-08-12T00:00:00",
    "dateUpdated": "2024-08-05T00:34:53.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-6228
Vulnerability from cvelistv5
Published
2023-12-18 13:43
Modified
2024-10-11 15:25
Summary
Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c
References
https://access.redhat.com/errata/RHSA-2024:2289vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:5079vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6228vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2240995issue-tracking, x_refsource_REDHAT
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:2289",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2289"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6228"
          },
          {
            "name": "RHBZ#2240995",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240995"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.9-32.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.4.0-12.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libtiff",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "compat-libtiff3",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-09-07T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T15:25:37.257Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:2289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2289"
        },
        {
          "name": "RHSA-2024:5079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:5079"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6228"
        },
        {
          "name": "RHBZ#2240995",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240995"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-09-27T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-09-07T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c",
      "x_redhatCweChain": "CWE-787: Out-of-bounds Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6228",
    "datePublished": "2023-12-18T13:43:08.775Z",
    "dateReserved": "2023-11-21T05:33:19.718Z",
    "dateUpdated": "2024-10-11T15:25:37.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-12900
Vulnerability from cvelistv5
Published
2018-06-26 22:00
Modified
2024-08-05 08:45
Severity ?
Summary
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
References
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:45:02.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2798"
          },
          {
            "name": "USN-3906-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-1/"
          },
          {
            "name": "USN-3906-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-2/"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          },
          {
            "name": "RHSA-2019:3419",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3419"
          },
          {
            "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
          },
          {
            "name": "DSA-4670",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4670"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T18:18:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2798"
        },
        {
          "name": "USN-3906-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-1/"
        },
        {
          "name": "USN-3906-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-2/"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        },
        {
          "name": "RHSA-2019:3419",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3419"
        },
        {
          "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
        },
        {
          "name": "DSA-4670",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4670"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12900",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2798",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2798"
            },
            {
              "name": "USN-3906-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-1/"
            },
            {
              "name": "USN-3906-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-2/"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            },
            {
              "name": "RHSA-2019:3419",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3419"
            },
            {
              "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"
            },
            {
              "name": "DSA-4670",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4670"
            },
            {
              "name": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900",
              "refsource": "MISC",
              "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-12900"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12900",
    "datePublished": "2018-06-26T22:00:00",
    "dateReserved": "2018-06-26T00:00:00",
    "dateUpdated": "2024-08-05T08:45:02.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-18768
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-04 16:36
Severity ?
Summary
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:08:30.461Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2848"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-18768",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T16:35:49.864320Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T16:36:53.098Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-22T15:44:19.666709",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2848"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-18768",
    "datePublished": "2023-08-22T00:00:00",
    "dateReserved": "2020-08-13T00:00:00",
    "dateUpdated": "2024-10-04T16:36:53.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-3970
Vulnerability from cvelistv5
Published
2022-11-13 00:00
Modified
2024-08-03 01:27
Summary
LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow
Impacted products
unspecifiedLibTIFF
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:27:53.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://oss-fuzz.com/download?testcase_id=5738253143900160"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.213549"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221215-0009/"
          },
          {
            "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213841"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LibTIFF",
          "vendor": "unspecified",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-189",
              "description": "CWE-189 Numeric Error -\u003e CWE-190 Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-31T23:06:22.614192",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137"
        },
        {
          "url": "https://oss-fuzz.com/download?testcase_id=5738253143900160"
        },
        {
          "url": "https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be"
        },
        {
          "url": "https://vuldb.com/?id.213549"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221215-0009/"
        },
        {
          "name": "[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"
        },
        {
          "url": "https://support.apple.com/kb/HT213843"
        },
        {
          "url": "https://support.apple.com/kb/HT213841"
        }
      ],
      "title": "LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow",
      "x_generator": "vuldb.com"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2022-3970",
    "datePublished": "2022-11-13T00:00:00",
    "dateReserved": "2022-11-13T00:00:00",
    "dateUpdated": "2024-08-03T01:27:53.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-17101
Vulnerability from cvelistv5
Published
2018-09-16 21:00
Modified
2024-08-05 10:39
Severity ?
Summary
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:39:59.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577"
          },
          {
            "name": "USN-3864-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3864-1/"
          },
          {
            "name": "105370",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105370"
          },
          {
            "name": "DSA-4349",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4349"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2807"
          },
          {
            "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html"
          },
          {
            "name": "USN-3906-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3906-2/"
          },
          {
            "name": "RHSA-2019:2053",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2053"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-06T16:06:34",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577"
        },
        {
          "name": "USN-3864-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3864-1/"
        },
        {
          "name": "105370",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105370"
        },
        {
          "name": "DSA-4349",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4349"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2807"
        },
        {
          "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html"
        },
        {
          "name": "USN-3906-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3906-2/"
        },
        {
          "name": "RHSA-2019:2053",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2053"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-17101",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577",
              "refsource": "MISC",
              "url": "https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577"
            },
            {
              "name": "USN-3864-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3864-1/"
            },
            {
              "name": "105370",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105370"
            },
            {
              "name": "DSA-4349",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4349"
            },
            {
              "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2807",
              "refsource": "MISC",
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2807"
            },
            {
              "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1557-1] tiff security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00019.html"
            },
            {
              "name": "USN-3906-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3906-2/"
            },
            {
              "name": "RHSA-2019:2053",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2053"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-17101",
    "datePublished": "2018-09-16T21:00:00",
    "dateReserved": "2018-09-16T00:00:00",
    "dateUpdated": "2024-08-05T10:39:59.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10272
Vulnerability from cvelistv5
Published
2017-03-24 19:00
Modified
2024-08-06 03:14
Severity ?
Summary
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:14:42.837Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a"
          },
          {
            "name": "97197",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97197"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"WRITE of size 2048\" and libtiff/tif_next.c:64:9."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-30T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a"
        },
        {
          "name": "97197",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97197"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10272",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"WRITE of size 2048\" and libtiff/tif_next.c:64:9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/",
              "refsource": "MISC",
              "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
            },
            {
              "name": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a",
              "refsource": "MISC",
              "url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a"
            },
            {
              "name": "97197",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97197"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10272",
    "datePublished": "2017-03-24T19:00:00",
    "dateReserved": "2017-03-24T00:00:00",
    "dateUpdated": "2024-08-06T03:14:42.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-201103-0290
Vulnerability from variot

Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. libTIFF is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition. Silicon Graphics LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files from Silicon Graphics in the United States. This library contains some command line tools for working with TIFF files. A buffer overflow vulnerability exists in LibTIFF 3.9.4 and other versions used in ImageIO in versions prior to 10.2 of Apple iTunes on Windows. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Debian Security Advisory DSA-2210-2 security@debian.org http://www.debian.org/security/ Luciano Bello June 25, 2011 http://www.debian.org/security/faq


Package : tiff Vulnerability : several Problem type : local (remote) Debian-specific: no CVE ID : CVE-2011-0191 CVE-2011-0192 CVE-2011-1167 Debian Bug : 619614 630042

The recent tiff update DSA-2210-1 introduced a regression that could lead to encoding problems of tiff files. This issue affects the Debian 5.0 Lenny package only.

CVE-2011-1167

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder allows to execute arbitrary code via a TIFF file that has an unexpected BitsPerSample value.

For the oldstable distribution (lenny), this problem has been fixed in version 3.8.2-11.5.

For the stable distribution (squeeze), this problem has been fixed in version 3.9.4-5+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in version 3.9.5-1.

For the unstable distribution (sid), this problem has been fixed in version 3.9.5-1.

We recommend that you upgrade your tiff packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4FuRIACgkQNxpp46476aqJsgCfZHj2QAEkb1yPGsR3w4VFDT0l OgcAniwL8jNLWEIZitLaTmF89e9H0Cop =7afE -----END PGP SIGNATURE-----


Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-1085-2 March 15, 2011 tiff regression https://launchpad.net/bugs/731540 ===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.10

Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.8

Ubuntu 9.10: libtiff4 3.8.2-13ubuntu0.5

Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.5

Ubuntu 10.10: libtiff4 3.9.4-2ubuntu0.2

After a standard system update you need to restart your session to make all the necessary changes.

Details follow:

USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream fixes were incomplete and created problems for certain CCITTFAX4 files. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)

Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. This issue only affected Ubuntu 10.10. (CVE-2010-2482)

Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. (CVE-2010-2595)

Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. (CVE-2010-2597, CVE-2010-2598)

It was discovered that the TIFF library incorrectly validated certain data types. (CVE-2010-2630)

It was discovered that the TIFF library incorrectly handled downsampled JPEG data. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-3087)

It was discovered that the TIFF library incorrectly handled certain JPEG data. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10. (CVE-2011-0191)

It was discovered that the TIFF library incorrectly handled certain TIFF FAX images. (CVE-2011-0191)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.diff.gz
  Size/MD5:    24707 92ee677a20237cfdb17b5dcbe024fc81
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.dsc
  Size/MD5:     1445 19186c480eda8ade1d4fd194a7e08bf6
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz
  Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_amd64.deb
  Size/MD5:   220784 7b8f336c5190b816fb92f498b30755c9
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_amd64.deb
  Size/MD5:   283278 2633a7f81897814f7bddb303f6952b34
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_amd64.deb
  Size/MD5:   488554 bd11ebd5ae319660ec0eff4f22b55268
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_amd64.deb
  Size/MD5:    45210 2d75169ed1d84f4907d505780123691d
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_amd64.deb
  Size/MD5:    50372 d606202ec431cee4d43658887b7c53f7

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_i386.deb
  Size/MD5:   206424 d346905ce628f3b5afdfe1a4b5e46ee8
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_i386.deb
  Size/MD5:   260146 f8a0af4bb2a87fab5833e8bea85b4179
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_i386.deb
  Size/MD5:   462812 81f1884d1f83fbc7cf670233e79e464b
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_i386.deb
  Size/MD5:    45144 047a98941044eb476ff601a50a94cb97
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_i386.deb
  Size/MD5:    49650 0298317461310597a873c28bbe6c9c2d

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_powerpc.deb
  Size/MD5:   240378 8f832fa2e7ca2122ea17b8440db407a3
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_powerpc.deb
  Size/MD5:   289250 7118c8a2b9ee67fb759d89631b80ec33
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_powerpc.deb
  Size/MD5:   477164 46d81e5cca275c4f9fa490bccf5e1b54
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_powerpc.deb
  Size/MD5:    47366 8f493b29a1c6af1ede1ae20bb340542e
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_powerpc.deb
  Size/MD5:    52018 9cbc82320c0fb9160a55d9e966935308

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_sparc.deb
  Size/MD5:   209294 1c075ff5d8fe054cfbe59767156f2b12
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_sparc.deb
  Size/MD5:   271226 083721bbf42b3a9c2ba0619725cdea1c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_sparc.deb
  Size/MD5:   467842 244140481e39cbae1caeea1cbc7242fb
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_sparc.deb
  Size/MD5:    45072 0ecf1aa2519fd0f70a54e97299a9a2aa
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_sparc.deb
  Size/MD5:    50206 1fd3434ab16f251802c05e69b2ec4172

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.diff.gz
  Size/MD5:    23098 1ee89aac13034400cc5f65bc82350576
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.dsc
  Size/MD5:     1534 db81aff18857a6a792e8e3d9f6419c25
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz
  Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_amd64.deb
  Size/MD5:   186052 117b7fef507321d3b40f31e82121d65c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_amd64.deb
  Size/MD5:   583498 356ff0e0f3fa15764371a8d0ffbd2574
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_amd64.deb
  Size/MD5:   132044 f21e514b5f9ffa5e083d48e3ff2876be
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_amd64.deb
  Size/MD5:     5060 bd0be2af72fb9789ef27a5cf3445a960
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_amd64.deb
  Size/MD5:    10482 a49a0b07d12a18248a56d1c64322687b

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_i386.deb
  Size/MD5:   175314 d510325b149f2106114857e9cd1887a1
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_i386.deb
  Size/MD5:   552824 044e167a1106988f710d4b26cd480c13
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_i386.deb
  Size/MD5:   123468 8c41a5b4deb4daf59a27aa18bafc2a33
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_i386.deb
  Size/MD5:     5044 221fabdeb10a45b0e39b30fcd9876d57
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_i386.deb
  Size/MD5:     9934 139ed154385849ed4a76c21f14d1824c

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_lpia.deb
  Size/MD5:   177010 f861eceecd6f08085a7e66038b28d148
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_lpia.deb
  Size/MD5:   555294 27b3f40726cd5cf866dd80b5fb5f652d
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_lpia.deb
  Size/MD5:   124582 a101756bd948bc2d526bbb3793655c46
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_lpia.deb
  Size/MD5:     4916 0fde80306a67eb766b878040048003fa
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_lpia.deb
  Size/MD5:     9976 36fdc7a9337f4a5391a5d951624775df

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_powerpc.deb
  Size/MD5:   223488 04f35d447aa797b255c249719f467896
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_powerpc.deb
  Size/MD5:   577476 53e4f31126ecae60b54a2614c29a02ef
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_powerpc.deb
  Size/MD5:   135174 24d5e5f4e4903eae9ba2b4163eb0ab44
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_powerpc.deb
  Size/MD5:     7512 a361eb4c3985a90189342aced3932676
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_powerpc.deb
  Size/MD5:    13288 2f458ba98bbf136958d2a8cdc87a83ab

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_sparc.deb
  Size/MD5:   178860 d48dc98bba2aaaf1830ad3a9d69b99db
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_sparc.deb
  Size/MD5:   558838 c9ffd065811bf117f5c57dae82c4173b
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_sparc.deb
  Size/MD5:   123254 e11f44522f5cef8b3f4a8a633be5437d
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_sparc.deb
  Size/MD5:     4796 498f87c694b19560fe59ee3afb605af4
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_sparc.deb
  Size/MD5:    10700 5bb66a32a926f8fbd1a5b864a3d88cd7

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.diff.gz
  Size/MD5:    43070 e8b35ecf046a7c3619e1d9929de8b830
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.dsc
  Size/MD5:     1978 d8a8180b56ba05c422d4b443afb1d44e
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz
  Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.5_all.deb
  Size/MD5:   348112 a84bc452f3a0eea39c87ac3ac744112c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_amd64.deb
  Size/MD5:   191416 300ef146f5155ff8ccdf51e8a684ff34
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_amd64.deb
  Size/MD5:   252426 b78ec6fcac494ac67fb4b357632dace3
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_amd64.deb
  Size/MD5:   135940 d3f0cb6e3491b6d335e905ddb2139dfc
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_amd64.deb
  Size/MD5:     6332 b7da9edb5b42f9c08596a6b1966cb6e0
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_amd64.deb
  Size/MD5:    12004 3107c05e0644d55184c568fbd205c8d4

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_i386.deb
  Size/MD5:   176368 b2b0a5ed89fa9405dea1a1944bf4e606
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_i386.deb
  Size/MD5:   232588 71573f111b56ed24c2bb95e70cf24950
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_i386.deb
  Size/MD5:   125002 9127f1c5991d7bebf346d7996aa05549
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_i386.deb
  Size/MD5:     6446 8535ecbdf277f311afe69e053e7027eb
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_i386.deb
  Size/MD5:    11292 21192b1ec3a90204f70ac7e715f6ef94

armel architecture (ARM Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_armel.deb
  Size/MD5:   182752 27e8c1ba005bb913056725f27afed10b
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_armel.deb
  Size/MD5:   233860 7bb2dfcf30084a32cfda47150de12820
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_armel.deb
  Size/MD5:   124716 5bf3991de9df681e72aeb2b9cb0157e3
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_armel.deb
  Size/MD5:     5966 f7269719e2c4b9f44abb54ea640452b9
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_armel.deb
  Size/MD5:    11160 213b7115f391a62a039e86bd2aed21e3

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_lpia.deb
  Size/MD5:   177048 6f228aae0027ce228001ab1e03c1420f
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_lpia.deb
  Size/MD5:   234412 2be52c2f11d51dc60ebd6358921ed539
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_lpia.deb
  Size/MD5:   126608 5b98943322e5546def050c29f0137c51
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_lpia.deb
  Size/MD5:     6312 9dfcffd32f1aa8e42e6e5f94c8171333
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_lpia.deb
  Size/MD5:    11340 69f92d56438e597d2733cca9fe192e09

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_powerpc.deb
  Size/MD5:   191484 3af0b1c5f8e037c97831d2321c144069
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_powerpc.deb
  Size/MD5:   256554 94513c2b20ec5e2206d5b5476ac4b6e1
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_powerpc.deb
  Size/MD5:   137434 0dd8d58ca4136b26395ec9619352cbf4
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_powerpc.deb
  Size/MD5:     6724 752b5398be235d406db9b0070c8b4bcc
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_powerpc.deb
  Size/MD5:    12080 857d09fbe80934ec33149da04cf5b4fe

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_sparc.deb
  Size/MD5:   184288 a83a8a638af348c50d3bb64a2c0490e4
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_sparc.deb
  Size/MD5:   237164 9a5c6358c6c65dfc8e5154f79c5937a1
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_sparc.deb
  Size/MD5:   125062 2e70ed4b0b98f15d9b6d4d1aa2c223fe
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_sparc.deb
  Size/MD5:     6096 e374e39bdeb2b16f8944713dc6b59ec2
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_sparc.deb
  Size/MD5:    12036 3bd0ece44e01a49c32decff3d318bcc3

Updated packages for Ubuntu 10.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.diff.gz
  Size/MD5:    20142 b939eddaecc09a223f750ddc9ec300a7
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.dsc
  Size/MD5:     1974 0ab3539d8af96ca2ca23c1d74d79e8c6
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz
  Size/MD5:  1419742 93e56e421679c591de7552db13384cb8

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.5_all.deb
  Size/MD5:   359126 ddf2cb68732e7fd96ea2078ce0ad4742

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_amd64.deb
  Size/MD5:   250490 975aec44c621ff1e524a7d0c344c461d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_amd64.deb
  Size/MD5:   269922 24ffd793f4f4cab1c419281358f95b06
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_amd64.deb
  Size/MD5:   149244 8de4b36f57fd254339472d92d58df436
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_amd64.deb
  Size/MD5:     6384 dd647e2d96b24485c9a3d512568a33e8
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_amd64.deb
  Size/MD5:    12028 f312a06be417327ccaab3bc83fce43ee

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_i386.deb
  Size/MD5:   234120 b80a26f6acbf41fc2835dea7be97d332
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_i386.deb
  Size/MD5:   246962 2aced2d3476f07034714c32581451fca
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_i386.deb
  Size/MD5:   136750 9e662029ab9932f9bb5cf551c9a25c70
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_i386.deb
  Size/MD5:     6486 588d1bff01cbec45eefbfb25864b48c7
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_i386.deb
  Size/MD5:    11282 028b976bcc83292a2a436961a26cff1b

armel architecture (ARM Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_armel.deb
  Size/MD5:   237816 b1bb7396d24ca82d5a72012e7f5902df
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_armel.deb
  Size/MD5:   238800 82ec468a735c037f758424ee05ab0eda
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_armel.deb
  Size/MD5:   129636 b6277537fd8ca0a7258d156b8185fc6c
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_armel.deb
  Size/MD5:     5980 5ee322e0d78f7f440501872a91e78c98
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_armel.deb
  Size/MD5:    11300 c0120b282e1fa3c9922b9218a1d86271

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_powerpc.deb
  Size/MD5:   253514 208b8a67298bb8435b790579c2369258
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_powerpc.deb
  Size/MD5:   275256 4ccb314e621e464c06a709fbd7632384
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_powerpc.deb
  Size/MD5:   150724 4787f755ef29dd7198699c9456ca5fd0
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_powerpc.deb
  Size/MD5:     6770 759c330d4a755d3d217ca8afef8cb191
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_powerpc.deb
  Size/MD5:    12092 86dd9f88b6d3f4e3f7ee0c3f98ce4448

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_sparc.deb
  Size/MD5:   248776 0e081f6795686de636fdb537d0da0af3
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_sparc.deb
  Size/MD5:   257346 b1cb2500a7b1ada561852e12546279a4
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_sparc.deb
  Size/MD5:   143484 b24ccd56b9eee79c062d8a1e13e65326
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_sparc.deb
  Size/MD5:     6226 28e807e1ae69640a7e0a35ea79b8913a
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_sparc.deb
  Size/MD5:    11922 1acad867116630bb02cf53831f49fb91

Updated packages for Ubuntu 10.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.debian.tar.gz
  Size/MD5:    18124 6b91f60b7bc92c8f0710f4088c1f38f3
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.dsc
  Size/MD5:     1991 020c2a94b61792b09f6d01752f2c7f5d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4.orig.tar.gz
  Size/MD5:  1436968 2006c1bdd12644dbf02956955175afd6

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.4-2ubuntu0.2_all.deb
  Size/MD5:   342928 4d7df4c971ba92ab11d738820853fcc4

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_amd64.deb
  Size/MD5:   248246 dd83a166330ad6268952b8e49f075012
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_amd64.deb
  Size/MD5:   270788 73525f6754327725fd2e93fe1fc0e4fb
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_amd64.deb
  Size/MD5:   149490 2da1a59a5a933e822256d2b6d89454c6
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_amd64.deb
  Size/MD5:     6310 b566e3ac1e893179519b2596798ad492
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_amd64.deb
  Size/MD5:    11806 a523fb6ef9ac518e5869fdc9bd72d937

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_i386.deb
  Size/MD5:   230148 a676650de4cfea04a7bfd000de0da151
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_i386.deb
  Size/MD5:   247138 95194c2ea2ab0ca87e6b8867dae07385
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_i386.deb
  Size/MD5:   136668 f0931de0028f3538f92ef2547cde7bba
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_i386.deb
  Size/MD5:     6424 ad458d476aa6df65bfaec35f5cba9c0b
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_i386.deb
  Size/MD5:    11144 efd76c12cc9f9df3ba719e8f073a6bfa

armel architecture (ARM Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_armel.deb
  Size/MD5:   256880 6aedba603449a04715b504caac95ed22
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_armel.deb
  Size/MD5:   271424 0587dc26b90416181bb71f0ee0acbed3
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_armel.deb
  Size/MD5:   151800 0a97a3959787ce6e4d4a60db21f4bd19
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_armel.deb
  Size/MD5:     5844 6efde8a677921feabc6dd5156181d72a
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_armel.deb
  Size/MD5:    11228 9e354f5270bc717488682dfc4712e74a

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_powerpc.deb
  Size/MD5:   250366 6fa58ac5fb03e3b6866499f53cb3e79d
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_powerpc.deb
  Size/MD5:   275860 d4f92d8330e793d8056e4bc5c180fba9
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_powerpc.deb
  Size/MD5:   150712 c47116bbde1de23b39bd86ce6733e033
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_powerpc.deb
  Size/MD5:     6702 d9524527cbcbd6b38cb782d73adbdc3b
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_powerpc.deb
  Size/MD5:    11962 a31983d4e49adaa4fa0321c16105bae3

.

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167


Updated Packages:

Mandriva Linux 2009.0: 469f83f325486ac28efade864c4c04dd 2009.0/i586/libtiff3-3.8.2-12.5mdv2009.0.i586.rpm 60ed02c79ace2efc9d360c6a254484d8 2009.0/i586/libtiff3-devel-3.8.2-12.5mdv2009.0.i586.rpm 9eec6c7a71319a0dbe42043e3ce0143c 2009.0/i586/libtiff3-static-devel-3.8.2-12.5mdv2009.0.i586.rpm c83359e62f148232dbf4716c3db1da27 2009.0/i586/libtiff-progs-3.8.2-12.5mdv2009.0.i586.rpm 394324226f6347b8adde7d5a3b94e616 2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64: 12d1c6b013d1001804dcff1607ba0cbf 2009.0/x86_64/lib64tiff3-3.8.2-12.5mdv2009.0.x86_64.rpm 7160228a5f9eb015f7c39b034e4168fe 2009.0/x86_64/lib64tiff3-devel-3.8.2-12.5mdv2009.0.x86_64.rpm dd60de9c42e6e6db115866b0729d11a6 2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdv2009.0.x86_64.rpm 019b6c2c67897e9e15b61c5bd5290d7c 2009.0/x86_64/libtiff-progs-3.8.2-12.5mdv2009.0.x86_64.rpm 394324226f6347b8adde7d5a3b94e616 2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm

Mandriva Linux 2010.0: 516da8a4ac19bd931ec94c948e2202b3 2010.0/i586/libtiff3-3.9.1-4.4mdv2010.0.i586.rpm bb474b98be4cee2d5ce83b18a97e0b0a 2010.0/i586/libtiff-devel-3.9.1-4.4mdv2010.0.i586.rpm 91bbafe5b93099fa6bc91a4ae2c792c5 2010.0/i586/libtiff-progs-3.9.1-4.4mdv2010.0.i586.rpm cfe592e3c30c76e9e814c828f4e9c850 2010.0/i586/libtiff-static-devel-3.9.1-4.4mdv2010.0.i586.rpm 82734445474583997f82f61a6bca5477 2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64: 89d02f64104cdeefcfff27251ac493e3 2010.0/x86_64/lib64tiff3-3.9.1-4.4mdv2010.0.x86_64.rpm 184361a7a031fd0040ef210289e659ad 2010.0/x86_64/lib64tiff-devel-3.9.1-4.4mdv2010.0.x86_64.rpm ea63a95bea50aa8c6173b7e018b52c16 2010.0/x86_64/lib64tiff-static-devel-3.9.1-4.4mdv2010.0.x86_64.rpm b683c3de7768e3be291f3cd0810f29f7 2010.0/x86_64/libtiff-progs-3.9.1-4.4mdv2010.0.x86_64.rpm 82734445474583997f82f61a6bca5477 2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm

Mandriva Linux 2010.1: 6cae776a3869cba91324d4db8c3e445b 2010.1/i586/libtiff3-3.9.2-2.4mdv2010.2.i586.rpm 9eb7c8e16bdccb2a08bbd51b842d6b8a 2010.1/i586/libtiff-devel-3.9.2-2.4mdv2010.2.i586.rpm b22f03fcab8549799bd989a1ac5b9505 2010.1/i586/libtiff-progs-3.9.2-2.4mdv2010.2.i586.rpm 5207df22c3ce3a1dc5487e5a9f1386f5 2010.1/i586/libtiff-static-devel-3.9.2-2.4mdv2010.2.i586.rpm edc5ff22e092f6c0c761ea064beec57e 2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64: fead69647d8429a2e0f3bde99440a81e 2010.1/x86_64/lib64tiff3-3.9.2-2.4mdv2010.2.x86_64.rpm f8eefcab2c69e31dc9e59b7c5fd1370a 2010.1/x86_64/lib64tiff-devel-3.9.2-2.4mdv2010.2.x86_64.rpm a14aa71d4721718fc2312f04b76163db 2010.1/x86_64/lib64tiff-static-devel-3.9.2-2.4mdv2010.2.x86_64.rpm cd214410be00ea40859776ac4f95f1da 2010.1/x86_64/libtiff-progs-3.9.2-2.4mdv2010.2.x86_64.rpm edc5ff22e092f6c0c761ea064beec57e 2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm

Corporate 4.0: 26f8d583111883193418679358070dac corporate/4.0/i586/libtiff3-3.6.1-12.11.20060mlcs4.i586.rpm 6cc27c218fc154873d80b9f20d0026a0 corporate/4.0/i586/libtiff3-devel-3.6.1-12.11.20060mlcs4.i586.rpm d2cc27f255b5c06ac0270501742d075a corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.11.20060mlcs4.i586.rpm 1dce21141558e525afac04376ee88b0e corporate/4.0/i586/libtiff-progs-3.6.1-12.11.20060mlcs4.i586.rpm b71b082cfc6e374765bdcc433074876e corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 909321cebadb1a6a98363111aafaa51f corporate/4.0/x86_64/lib64tiff3-3.6.1-12.11.20060mlcs4.x86_64.rpm 1e65799b8f71945b8577caa953f26f1a corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm e0f3f375533db24c097249e2865d67c5 corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm 45d3bf776d6b0bf18b6dd475719d5109 corporate/4.0/x86_64/libtiff-progs-3.6.1-12.11.20060mlcs4.x86_64.rpm b71b082cfc6e374765bdcc433074876e corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm

Mandriva Enterprise Server 5: 0e74dc01232af741c73b5429222c104b mes5/i586/libtiff3-3.8.2-12.5mdvmes5.2.i586.rpm cf4880e23bca7320947faffb7493fe1c mes5/i586/libtiff3-devel-3.8.2-12.5mdvmes5.2.i586.rpm 35e2c51269229b05e8127d8ff7a70559 mes5/i586/libtiff3-static-devel-3.8.2-12.5mdvmes5.2.i586.rpm 053e112ce08dee96024c78cf1cc62c68 mes5/i586/libtiff-progs-3.8.2-12.5mdvmes5.2.i586.rpm b11fe44b7f27853a08cb447713ba2b5d mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64: 8b9eee08db52a402ff116c6f4f66e1cc mes5/x86_64/lib64tiff3-3.8.2-12.5mdvmes5.2.x86_64.rpm ae5a101036721b2f2cb852861dd9195a mes5/x86_64/lib64tiff3-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm deb731157dd46e649eb01fb66bb9c4ca mes5/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm cf1e27dfce8783ba6dfa4d0d07949f8d mes5/x86_64/libtiff-progs-3.8.2-12.5mdvmes5.2.x86_64.rpm b11fe44b7f27853a08cb447713ba2b5d mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. ----------------------------------------------------------------------

Q1 Factsheets released:

http://secunia.com/resources/factsheets/2011_vendor/


TITLE: Debian update for tiff

SECUNIA ADVISORY ID: SA43934

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43934/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43934

RELEASE DATE: 2011-04-05

DISCUSS ADVISORY: http://secunia.com/advisories/43934/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/43934/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=43934

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Debian has issued an update for tiff. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.

For more information: SA43582 SA43593

SOLUTION: Apply update packages via the apt-get package manager.

ORIGINAL ADVISORY: DSA-2210-1: http://lists.debian.org/debian-security-announce/2011/msg00079.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201103-0290",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "4.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "4.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "4.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.1.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.7.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.2.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "4.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.7.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.7.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.4.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.4.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.6.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.4.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.2.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.6.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.3.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.8.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.4.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.4.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.2.1"
      },
      {
        "model": "itunes",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.0 to  4.2.1 (iphone 3gs after )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1 to  4.2.1 (ipod touch (3rd generation) after )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.2 to  4.2.1 (ipad for )"
      },
      {
        "model": "ipad",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "iphone",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "linux enterprise sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2010.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.5"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "beta28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "beta35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6"
      },
      {
        "model": "beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20110"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.0"
      },
      {
        "model": "alpha4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "beta24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "esignal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esignal",
        "version": "6.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "beta6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "alpha2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.4"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2010.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2010.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.2"
      },
      {
        "model": "linux enterprise sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2009.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.1"
      },
      {
        "model": "linux enterprise sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "beta31",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.6"
      },
      {
        "model": "beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.2-7"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8.1"
      },
      {
        "model": "mobile safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "alpha3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.2-5.2.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.2"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.6"
      },
      {
        "model": "beta18",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "beta36",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.8"
      },
      {
        "model": "beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "beta34",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.3"
      },
      {
        "model": "beta29",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2010.0"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.1"
      },
      {
        "model": "tv",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2009.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "beta32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.72"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9"
      },
      {
        "model": "beta37",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.0"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "46657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0191"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-111"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.1.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0191"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "BID",
        "id": "46657"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-0191",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-0191",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-48136",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-0191",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201103-111",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-48136",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0191"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-111"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. libTIFF is prone to a buffer-overflow  vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition. Silicon Graphics LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files from Silicon Graphics in the United States. This library contains some command line tools for working with TIFF files. A buffer overflow vulnerability exists in LibTIFF 3.9.4 and other versions used in ImageIO in versions prior to 10.2 of Apple iTunes on Windows. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2210-2                   security@debian.org\nhttp://www.debian.org/security/                             Luciano Bello\nJune 25, 2011                          http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : tiff\nVulnerability  : several\nProblem type   : local (remote)\nDebian-specific: no\nCVE ID         : CVE-2011-0191 CVE-2011-0192 CVE-2011-1167\nDebian Bug     : 619614 630042\n\nThe recent tiff update DSA-2210-1 introduced a regression that could\nlead to encoding problems of tiff files. \n  This issue affects the Debian 5.0 Lenny package only. \n\nCVE-2011-1167\n\n  Heap-based buffer overflow in the thunder (aka ThunderScan)\n  decoder allows to execute arbitrary code via a TIFF file that\n  has an unexpected BitsPerSample value. \n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.8.2-11.5. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze3. \n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.9.5-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.9.5-1. \n\nWe recommend that you upgrade your tiff packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niEYEARECAAYFAk4FuRIACgkQNxpp46476aqJsgCfZHj2QAEkb1yPGsR3w4VFDT0l\nOgcAniwL8jNLWEIZitLaTmF89e9H0Cop\n=7afE\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ===========================================================\nUbuntu Security Notice USN-1085-2            March 15, 2011\ntiff regression\nhttps://launchpad.net/bugs/731540\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 9.10\nUbuntu 10.04 LTS\nUbuntu 10.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n  libtiff4                        3.7.4-1ubuntu3.10\n\nUbuntu 8.04 LTS:\n  libtiff4                        3.8.2-7ubuntu3.8\n\nUbuntu 9.10:\n  libtiff4                        3.8.2-13ubuntu0.5\n\nUbuntu 10.04 LTS:\n  libtiff4                        3.9.2-2ubuntu0.5\n\nUbuntu 10.10:\n  libtiff4                        3.9.4-2ubuntu0.2\n\nAfter a standard system update you need to restart your session to make\nall the necessary changes. \n\nDetails follow:\n\nUSN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream\nfixes were incomplete and created problems for certain CCITTFAX4 files. \nThis update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Sauli Pahlman discovered that the TIFF library incorrectly handled invalid\n td_stripbytecount fields. This issue only affected\n Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)\n \n Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF\n files with an invalid combination of SamplesPerPixel and Photometric\n values. This issue only affected Ubuntu 10.10. \n (CVE-2010-2482)\n \n Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled\n invalid ReferenceBlackWhite values. \n (CVE-2010-2595)\n \n Sauli Pahlman discovered that the TIFF library incorrectly handled certain\n default fields. (CVE-2010-2597, CVE-2010-2598)\n \n It was discovered that the TIFF library incorrectly validated certain\n data types. (CVE-2010-2630)\n \n It was discovered that the TIFF library incorrectly handled downsampled\n JPEG data. This issue only affected Ubuntu 10.04 LTS and 10.10. \n (CVE-2010-3087)\n \n It was discovered that the TIFF library incorrectly handled certain JPEG\n data. \n This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10. \n (CVE-2011-0191)\n \n It was discovered that the TIFF library incorrectly handled certain TIFF\n FAX images. (CVE-2011-0191)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.diff.gz\n      Size/MD5:    24707 92ee677a20237cfdb17b5dcbe024fc81\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.dsc\n      Size/MD5:     1445 19186c480eda8ade1d4fd194a7e08bf6\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz\n      Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_amd64.deb\n      Size/MD5:   220784 7b8f336c5190b816fb92f498b30755c9\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_amd64.deb\n      Size/MD5:   283278 2633a7f81897814f7bddb303f6952b34\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_amd64.deb\n      Size/MD5:   488554 bd11ebd5ae319660ec0eff4f22b55268\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_amd64.deb\n      Size/MD5:    45210 2d75169ed1d84f4907d505780123691d\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_amd64.deb\n      Size/MD5:    50372 d606202ec431cee4d43658887b7c53f7\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_i386.deb\n      Size/MD5:   206424 d346905ce628f3b5afdfe1a4b5e46ee8\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_i386.deb\n      Size/MD5:   260146 f8a0af4bb2a87fab5833e8bea85b4179\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_i386.deb\n      Size/MD5:   462812 81f1884d1f83fbc7cf670233e79e464b\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_i386.deb\n      Size/MD5:    45144 047a98941044eb476ff601a50a94cb97\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_i386.deb\n      Size/MD5:    49650 0298317461310597a873c28bbe6c9c2d\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_powerpc.deb\n      Size/MD5:   240378 8f832fa2e7ca2122ea17b8440db407a3\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_powerpc.deb\n      Size/MD5:   289250 7118c8a2b9ee67fb759d89631b80ec33\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_powerpc.deb\n      Size/MD5:   477164 46d81e5cca275c4f9fa490bccf5e1b54\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_powerpc.deb\n      Size/MD5:    47366 8f493b29a1c6af1ede1ae20bb340542e\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_powerpc.deb\n      Size/MD5:    52018 9cbc82320c0fb9160a55d9e966935308\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_sparc.deb\n      Size/MD5:   209294 1c075ff5d8fe054cfbe59767156f2b12\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_sparc.deb\n      Size/MD5:   271226 083721bbf42b3a9c2ba0619725cdea1c\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_sparc.deb\n      Size/MD5:   467842 244140481e39cbae1caeea1cbc7242fb\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_sparc.deb\n      Size/MD5:    45072 0ecf1aa2519fd0f70a54e97299a9a2aa\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_sparc.deb\n      Size/MD5:    50206 1fd3434ab16f251802c05e69b2ec4172\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.diff.gz\n      Size/MD5:    23098 1ee89aac13034400cc5f65bc82350576\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.dsc\n      Size/MD5:     1534 db81aff18857a6a792e8e3d9f6419c25\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz\n      Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_amd64.deb\n      Size/MD5:   186052 117b7fef507321d3b40f31e82121d65c\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_amd64.deb\n      Size/MD5:   583498 356ff0e0f3fa15764371a8d0ffbd2574\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_amd64.deb\n      Size/MD5:   132044 f21e514b5f9ffa5e083d48e3ff2876be\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_amd64.deb\n      Size/MD5:     5060 bd0be2af72fb9789ef27a5cf3445a960\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_amd64.deb\n      Size/MD5:    10482 a49a0b07d12a18248a56d1c64322687b\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_i386.deb\n      Size/MD5:   175314 d510325b149f2106114857e9cd1887a1\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_i386.deb\n      Size/MD5:   552824 044e167a1106988f710d4b26cd480c13\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_i386.deb\n      Size/MD5:   123468 8c41a5b4deb4daf59a27aa18bafc2a33\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_i386.deb\n      Size/MD5:     5044 221fabdeb10a45b0e39b30fcd9876d57\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_i386.deb\n      Size/MD5:     9934 139ed154385849ed4a76c21f14d1824c\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_lpia.deb\n      Size/MD5:   177010 f861eceecd6f08085a7e66038b28d148\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_lpia.deb\n      Size/MD5:   555294 27b3f40726cd5cf866dd80b5fb5f652d\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_lpia.deb\n      Size/MD5:   124582 a101756bd948bc2d526bbb3793655c46\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_lpia.deb\n      Size/MD5:     4916 0fde80306a67eb766b878040048003fa\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_lpia.deb\n      Size/MD5:     9976 36fdc7a9337f4a5391a5d951624775df\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_powerpc.deb\n      Size/MD5:   223488 04f35d447aa797b255c249719f467896\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_powerpc.deb\n      Size/MD5:   577476 53e4f31126ecae60b54a2614c29a02ef\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_powerpc.deb\n      Size/MD5:   135174 24d5e5f4e4903eae9ba2b4163eb0ab44\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_powerpc.deb\n      Size/MD5:     7512 a361eb4c3985a90189342aced3932676\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_powerpc.deb\n      Size/MD5:    13288 2f458ba98bbf136958d2a8cdc87a83ab\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_sparc.deb\n      Size/MD5:   178860 d48dc98bba2aaaf1830ad3a9d69b99db\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_sparc.deb\n      Size/MD5:   558838 c9ffd065811bf117f5c57dae82c4173b\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_sparc.deb\n      Size/MD5:   123254 e11f44522f5cef8b3f4a8a633be5437d\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_sparc.deb\n      Size/MD5:     4796 498f87c694b19560fe59ee3afb605af4\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_sparc.deb\n      Size/MD5:    10700 5bb66a32a926f8fbd1a5b864a3d88cd7\n\nUpdated packages for Ubuntu 9.10:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.diff.gz\n      Size/MD5:    43070 e8b35ecf046a7c3619e1d9929de8b830\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.dsc\n      Size/MD5:     1978 d8a8180b56ba05c422d4b443afb1d44e\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz\n      Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.5_all.deb\n      Size/MD5:   348112 a84bc452f3a0eea39c87ac3ac744112c\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_amd64.deb\n      Size/MD5:   191416 300ef146f5155ff8ccdf51e8a684ff34\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_amd64.deb\n      Size/MD5:   252426 b78ec6fcac494ac67fb4b357632dace3\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_amd64.deb\n      Size/MD5:   135940 d3f0cb6e3491b6d335e905ddb2139dfc\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_amd64.deb\n      Size/MD5:     6332 b7da9edb5b42f9c08596a6b1966cb6e0\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_amd64.deb\n      Size/MD5:    12004 3107c05e0644d55184c568fbd205c8d4\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_i386.deb\n      Size/MD5:   176368 b2b0a5ed89fa9405dea1a1944bf4e606\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_i386.deb\n      Size/MD5:   232588 71573f111b56ed24c2bb95e70cf24950\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_i386.deb\n      Size/MD5:   125002 9127f1c5991d7bebf346d7996aa05549\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_i386.deb\n      Size/MD5:     6446 8535ecbdf277f311afe69e053e7027eb\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_i386.deb\n      Size/MD5:    11292 21192b1ec3a90204f70ac7e715f6ef94\n\n  armel architecture (ARM Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_armel.deb\n      Size/MD5:   182752 27e8c1ba005bb913056725f27afed10b\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_armel.deb\n      Size/MD5:   233860 7bb2dfcf30084a32cfda47150de12820\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_armel.deb\n      Size/MD5:   124716 5bf3991de9df681e72aeb2b9cb0157e3\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_armel.deb\n      Size/MD5:     5966 f7269719e2c4b9f44abb54ea640452b9\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_armel.deb\n      Size/MD5:    11160 213b7115f391a62a039e86bd2aed21e3\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_lpia.deb\n      Size/MD5:   177048 6f228aae0027ce228001ab1e03c1420f\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_lpia.deb\n      Size/MD5:   234412 2be52c2f11d51dc60ebd6358921ed539\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_lpia.deb\n      Size/MD5:   126608 5b98943322e5546def050c29f0137c51\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_lpia.deb\n      Size/MD5:     6312 9dfcffd32f1aa8e42e6e5f94c8171333\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_lpia.deb\n      Size/MD5:    11340 69f92d56438e597d2733cca9fe192e09\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_powerpc.deb\n      Size/MD5:   191484 3af0b1c5f8e037c97831d2321c144069\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_powerpc.deb\n      Size/MD5:   256554 94513c2b20ec5e2206d5b5476ac4b6e1\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_powerpc.deb\n      Size/MD5:   137434 0dd8d58ca4136b26395ec9619352cbf4\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_powerpc.deb\n      Size/MD5:     6724 752b5398be235d406db9b0070c8b4bcc\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_powerpc.deb\n      Size/MD5:    12080 857d09fbe80934ec33149da04cf5b4fe\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_sparc.deb\n      Size/MD5:   184288 a83a8a638af348c50d3bb64a2c0490e4\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_sparc.deb\n      Size/MD5:   237164 9a5c6358c6c65dfc8e5154f79c5937a1\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_sparc.deb\n      Size/MD5:   125062 2e70ed4b0b98f15d9b6d4d1aa2c223fe\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_sparc.deb\n      Size/MD5:     6096 e374e39bdeb2b16f8944713dc6b59ec2\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_sparc.deb\n      Size/MD5:    12036 3bd0ece44e01a49c32decff3d318bcc3\n\nUpdated packages for Ubuntu 10.04 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.diff.gz\n      Size/MD5:    20142 b939eddaecc09a223f750ddc9ec300a7\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.dsc\n      Size/MD5:     1974 0ab3539d8af96ca2ca23c1d74d79e8c6\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz\n      Size/MD5:  1419742 93e56e421679c591de7552db13384cb8\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.5_all.deb\n      Size/MD5:   359126 ddf2cb68732e7fd96ea2078ce0ad4742\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_amd64.deb\n      Size/MD5:   250490 975aec44c621ff1e524a7d0c344c461d\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_amd64.deb\n      Size/MD5:   269922 24ffd793f4f4cab1c419281358f95b06\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_amd64.deb\n      Size/MD5:   149244 8de4b36f57fd254339472d92d58df436\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_amd64.deb\n      Size/MD5:     6384 dd647e2d96b24485c9a3d512568a33e8\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_amd64.deb\n      Size/MD5:    12028 f312a06be417327ccaab3bc83fce43ee\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_i386.deb\n      Size/MD5:   234120 b80a26f6acbf41fc2835dea7be97d332\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_i386.deb\n      Size/MD5:   246962 2aced2d3476f07034714c32581451fca\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_i386.deb\n      Size/MD5:   136750 9e662029ab9932f9bb5cf551c9a25c70\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_i386.deb\n      Size/MD5:     6486 588d1bff01cbec45eefbfb25864b48c7\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_i386.deb\n      Size/MD5:    11282 028b976bcc83292a2a436961a26cff1b\n\n  armel architecture (ARM Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_armel.deb\n      Size/MD5:   237816 b1bb7396d24ca82d5a72012e7f5902df\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_armel.deb\n      Size/MD5:   238800 82ec468a735c037f758424ee05ab0eda\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_armel.deb\n      Size/MD5:   129636 b6277537fd8ca0a7258d156b8185fc6c\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_armel.deb\n      Size/MD5:     5980 5ee322e0d78f7f440501872a91e78c98\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_armel.deb\n      Size/MD5:    11300 c0120b282e1fa3c9922b9218a1d86271\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_powerpc.deb\n      Size/MD5:   253514 208b8a67298bb8435b790579c2369258\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_powerpc.deb\n      Size/MD5:   275256 4ccb314e621e464c06a709fbd7632384\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_powerpc.deb\n      Size/MD5:   150724 4787f755ef29dd7198699c9456ca5fd0\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_powerpc.deb\n      Size/MD5:     6770 759c330d4a755d3d217ca8afef8cb191\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_powerpc.deb\n      Size/MD5:    12092 86dd9f88b6d3f4e3f7ee0c3f98ce4448\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_sparc.deb\n      Size/MD5:   248776 0e081f6795686de636fdb537d0da0af3\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_sparc.deb\n      Size/MD5:   257346 b1cb2500a7b1ada561852e12546279a4\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_sparc.deb\n      Size/MD5:   143484 b24ccd56b9eee79c062d8a1e13e65326\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_sparc.deb\n      Size/MD5:     6226 28e807e1ae69640a7e0a35ea79b8913a\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_sparc.deb\n      Size/MD5:    11922 1acad867116630bb02cf53831f49fb91\n\nUpdated packages for Ubuntu 10.10:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.debian.tar.gz\n      Size/MD5:    18124 6b91f60b7bc92c8f0710f4088c1f38f3\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.dsc\n      Size/MD5:     1991 020c2a94b61792b09f6d01752f2c7f5d\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4.orig.tar.gz\n      Size/MD5:  1436968 2006c1bdd12644dbf02956955175afd6\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.4-2ubuntu0.2_all.deb\n      Size/MD5:   342928 4d7df4c971ba92ab11d738820853fcc4\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_amd64.deb\n      Size/MD5:   248246 dd83a166330ad6268952b8e49f075012\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_amd64.deb\n      Size/MD5:   270788 73525f6754327725fd2e93fe1fc0e4fb\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_amd64.deb\n      Size/MD5:   149490 2da1a59a5a933e822256d2b6d89454c6\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_amd64.deb\n      Size/MD5:     6310 b566e3ac1e893179519b2596798ad492\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_amd64.deb\n      Size/MD5:    11806 a523fb6ef9ac518e5869fdc9bd72d937\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_i386.deb\n      Size/MD5:   230148 a676650de4cfea04a7bfd000de0da151\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_i386.deb\n      Size/MD5:   247138 95194c2ea2ab0ca87e6b8867dae07385\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_i386.deb\n      Size/MD5:   136668 f0931de0028f3538f92ef2547cde7bba\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_i386.deb\n      Size/MD5:     6424 ad458d476aa6df65bfaec35f5cba9c0b\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_i386.deb\n      Size/MD5:    11144 efd76c12cc9f9df3ba719e8f073a6bfa\n\n  armel architecture (ARM Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_armel.deb\n      Size/MD5:   256880 6aedba603449a04715b504caac95ed22\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_armel.deb\n      Size/MD5:   271424 0587dc26b90416181bb71f0ee0acbed3\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_armel.deb\n      Size/MD5:   151800 0a97a3959787ce6e4d4a60db21f4bd19\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_armel.deb\n      Size/MD5:     5844 6efde8a677921feabc6dd5156181d72a\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_armel.deb\n      Size/MD5:    11228 9e354f5270bc717488682dfc4712e74a\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_powerpc.deb\n      Size/MD5:   250366 6fa58ac5fb03e3b6866499f53cb3e79d\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_powerpc.deb\n      Size/MD5:   275860 d4f92d8330e793d8056e4bc5c180fba9\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_powerpc.deb\n      Size/MD5:   150712 c47116bbde1de23b39bd86ce6733e033\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_powerpc.deb\n      Size/MD5:     6702 d9524527cbcbd6b38cb782d73adbdc3b\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_powerpc.deb\n      Size/MD5:    11962 a31983d4e49adaa4fa0321c16105bae3\n\n. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026amp;products_id=490\n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n 469f83f325486ac28efade864c4c04dd  2009.0/i586/libtiff3-3.8.2-12.5mdv2009.0.i586.rpm\n 60ed02c79ace2efc9d360c6a254484d8  2009.0/i586/libtiff3-devel-3.8.2-12.5mdv2009.0.i586.rpm\n 9eec6c7a71319a0dbe42043e3ce0143c  2009.0/i586/libtiff3-static-devel-3.8.2-12.5mdv2009.0.i586.rpm\n c83359e62f148232dbf4716c3db1da27  2009.0/i586/libtiff-progs-3.8.2-12.5mdv2009.0.i586.rpm \n 394324226f6347b8adde7d5a3b94e616  2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 12d1c6b013d1001804dcff1607ba0cbf  2009.0/x86_64/lib64tiff3-3.8.2-12.5mdv2009.0.x86_64.rpm\n 7160228a5f9eb015f7c39b034e4168fe  2009.0/x86_64/lib64tiff3-devel-3.8.2-12.5mdv2009.0.x86_64.rpm\n dd60de9c42e6e6db115866b0729d11a6  2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdv2009.0.x86_64.rpm\n 019b6c2c67897e9e15b61c5bd5290d7c  2009.0/x86_64/libtiff-progs-3.8.2-12.5mdv2009.0.x86_64.rpm \n 394324226f6347b8adde7d5a3b94e616  2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n 516da8a4ac19bd931ec94c948e2202b3  2010.0/i586/libtiff3-3.9.1-4.4mdv2010.0.i586.rpm\n bb474b98be4cee2d5ce83b18a97e0b0a  2010.0/i586/libtiff-devel-3.9.1-4.4mdv2010.0.i586.rpm\n 91bbafe5b93099fa6bc91a4ae2c792c5  2010.0/i586/libtiff-progs-3.9.1-4.4mdv2010.0.i586.rpm\n cfe592e3c30c76e9e814c828f4e9c850  2010.0/i586/libtiff-static-devel-3.9.1-4.4mdv2010.0.i586.rpm \n 82734445474583997f82f61a6bca5477  2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 89d02f64104cdeefcfff27251ac493e3  2010.0/x86_64/lib64tiff3-3.9.1-4.4mdv2010.0.x86_64.rpm\n 184361a7a031fd0040ef210289e659ad  2010.0/x86_64/lib64tiff-devel-3.9.1-4.4mdv2010.0.x86_64.rpm\n ea63a95bea50aa8c6173b7e018b52c16  2010.0/x86_64/lib64tiff-static-devel-3.9.1-4.4mdv2010.0.x86_64.rpm\n b683c3de7768e3be291f3cd0810f29f7  2010.0/x86_64/libtiff-progs-3.9.1-4.4mdv2010.0.x86_64.rpm \n 82734445474583997f82f61a6bca5477  2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 6cae776a3869cba91324d4db8c3e445b  2010.1/i586/libtiff3-3.9.2-2.4mdv2010.2.i586.rpm\n 9eb7c8e16bdccb2a08bbd51b842d6b8a  2010.1/i586/libtiff-devel-3.9.2-2.4mdv2010.2.i586.rpm\n b22f03fcab8549799bd989a1ac5b9505  2010.1/i586/libtiff-progs-3.9.2-2.4mdv2010.2.i586.rpm\n 5207df22c3ce3a1dc5487e5a9f1386f5  2010.1/i586/libtiff-static-devel-3.9.2-2.4mdv2010.2.i586.rpm \n edc5ff22e092f6c0c761ea064beec57e  2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n fead69647d8429a2e0f3bde99440a81e  2010.1/x86_64/lib64tiff3-3.9.2-2.4mdv2010.2.x86_64.rpm\n f8eefcab2c69e31dc9e59b7c5fd1370a  2010.1/x86_64/lib64tiff-devel-3.9.2-2.4mdv2010.2.x86_64.rpm\n a14aa71d4721718fc2312f04b76163db  2010.1/x86_64/lib64tiff-static-devel-3.9.2-2.4mdv2010.2.x86_64.rpm\n cd214410be00ea40859776ac4f95f1da  2010.1/x86_64/libtiff-progs-3.9.2-2.4mdv2010.2.x86_64.rpm \n edc5ff22e092f6c0c761ea064beec57e  2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm\n\n Corporate 4.0:\n 26f8d583111883193418679358070dac  corporate/4.0/i586/libtiff3-3.6.1-12.11.20060mlcs4.i586.rpm\n 6cc27c218fc154873d80b9f20d0026a0  corporate/4.0/i586/libtiff3-devel-3.6.1-12.11.20060mlcs4.i586.rpm\n d2cc27f255b5c06ac0270501742d075a  corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.11.20060mlcs4.i586.rpm\n 1dce21141558e525afac04376ee88b0e  corporate/4.0/i586/libtiff-progs-3.6.1-12.11.20060mlcs4.i586.rpm \n b71b082cfc6e374765bdcc433074876e  corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 909321cebadb1a6a98363111aafaa51f  corporate/4.0/x86_64/lib64tiff3-3.6.1-12.11.20060mlcs4.x86_64.rpm\n 1e65799b8f71945b8577caa953f26f1a  corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm\n e0f3f375533db24c097249e2865d67c5  corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm\n 45d3bf776d6b0bf18b6dd475719d5109  corporate/4.0/x86_64/libtiff-progs-3.6.1-12.11.20060mlcs4.x86_64.rpm \n b71b082cfc6e374765bdcc433074876e  corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 0e74dc01232af741c73b5429222c104b  mes5/i586/libtiff3-3.8.2-12.5mdvmes5.2.i586.rpm\n cf4880e23bca7320947faffb7493fe1c  mes5/i586/libtiff3-devel-3.8.2-12.5mdvmes5.2.i586.rpm\n 35e2c51269229b05e8127d8ff7a70559  mes5/i586/libtiff3-static-devel-3.8.2-12.5mdvmes5.2.i586.rpm\n 053e112ce08dee96024c78cf1cc62c68  mes5/i586/libtiff-progs-3.8.2-12.5mdvmes5.2.i586.rpm \n b11fe44b7f27853a08cb447713ba2b5d  mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 8b9eee08db52a402ff116c6f4f66e1cc  mes5/x86_64/lib64tiff3-3.8.2-12.5mdvmes5.2.x86_64.rpm\n ae5a101036721b2f2cb852861dd9195a  mes5/x86_64/lib64tiff3-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm\n deb731157dd46e649eb01fb66bb9c4ca  mes5/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm\n cf1e27dfce8783ba6dfa4d0d07949f8d  mes5/x86_64/libtiff-progs-3.8.2-12.5mdvmes5.2.x86_64.rpm \n b11fe44b7f27853a08cb447713ba2b5d  mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. ----------------------------------------------------------------------\n\n\nQ1 Factsheets released:\n\nhttp://secunia.com/resources/factsheets/2011_vendor/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nDebian update for tiff\n\nSECUNIA ADVISORY ID:\nSA43934\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43934/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43934\n\nRELEASE DATE:\n2011-04-05\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43934/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43934/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43934\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nDebian has issued an update for tiff. This fixes some\nvulnerabilities, which can be exploited by malicious people to\npotentially compromise an application using the library. \n\nFor more information:\nSA43582\nSA43593\n\nSOLUTION:\nApply update packages via the apt-get package manager. \n\nORIGINAL ADVISORY:\nDSA-2210-1:\nhttp://lists.debian.org/debian-security-announce/2011/msg00079.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0191"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      },
      {
        "db": "BID",
        "id": "46657"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48136"
      },
      {
        "db": "PACKETSTORM",
        "id": "100027"
      },
      {
        "db": "PACKETSTORM",
        "id": "99031"
      },
      {
        "db": "PACKETSTORM",
        "id": "102606"
      },
      {
        "db": "PACKETSTORM",
        "id": "99337"
      },
      {
        "db": "PACKETSTORM",
        "id": "100045"
      },
      {
        "db": "PACKETSTORM",
        "id": "100081"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-0191",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "46657",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "43934",
        "trust": 1.2
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0859",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0845",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001351",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-111",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2011-03-02-1",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "100045",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "102606",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "100027",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-48136",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "99031",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "99337",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "100081",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48136"
      },
      {
        "db": "BID",
        "id": "46657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      },
      {
        "db": "PACKETSTORM",
        "id": "100027"
      },
      {
        "db": "PACKETSTORM",
        "id": "99031"
      },
      {
        "db": "PACKETSTORM",
        "id": "102606"
      },
      {
        "db": "PACKETSTORM",
        "id": "99337"
      },
      {
        "db": "PACKETSTORM",
        "id": "100045"
      },
      {
        "db": "PACKETSTORM",
        "id": "100081"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0191"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-111"
      }
    ]
  },
  "id": "VAR-201103-0290",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48136"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:24:45.400000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4565",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4565"
      },
      {
        "title": "HT4581",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4581"
      },
      {
        "title": "HT4554",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4554"
      },
      {
        "title": "HT4566",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4566"
      },
      {
        "title": "HT4564",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4564"
      },
      {
        "title": "HT4565",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4565?viewlocale=ja_jp"
      },
      {
        "title": "HT4581",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4581?viewlocale=ja_jp"
      },
      {
        "title": "HT4554",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4554?viewlocale=ja_jp"
      },
      {
        "title": "HT4566",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4566?viewlocale=ja_jp"
      },
      {
        "title": "HT4564",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4564?viewlocale=ja_jp"
      },
      {
        "title": "iTunes 10.2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39588"
      },
      {
        "title": "iTunes 10.2 for Windows (64 bit)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39587"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-111"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0191"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2011/mar/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht4554"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//mar/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//mar/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//mar/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011/mar/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/46657"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4564"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4565"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4566"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4581"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2011/dsa-2210"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:064"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43934"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0845"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0859"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0191"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu636925"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu574588"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu556020"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu643615"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu867452"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0191"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0191"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0192"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/itunes/"
      },
      {
        "trust": 0.3,
        "url": "http://www.libtiff.org/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1167"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2630"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3087"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2595"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2598"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2482"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2483"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2597"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.7.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.4_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.4-2ubuntu0.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.9.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.4.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.9.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.4_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.7.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.1.debian.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.1.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.4.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.4.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.4.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.4-2ubuntu0.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.debian.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/731540"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.5_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.5_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1167"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.debian.org/debian-security-announce/2011/msg00079.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43934"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43934/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43934/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/resources/factsheets/2011_vendor/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48136"
      },
      {
        "db": "BID",
        "id": "46657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      },
      {
        "db": "PACKETSTORM",
        "id": "100027"
      },
      {
        "db": "PACKETSTORM",
        "id": "99031"
      },
      {
        "db": "PACKETSTORM",
        "id": "102606"
      },
      {
        "db": "PACKETSTORM",
        "id": "99337"
      },
      {
        "db": "PACKETSTORM",
        "id": "100045"
      },
      {
        "db": "PACKETSTORM",
        "id": "100081"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0191"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-111"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-48136"
      },
      {
        "db": "BID",
        "id": "46657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      },
      {
        "db": "PACKETSTORM",
        "id": "100027"
      },
      {
        "db": "PACKETSTORM",
        "id": "99031"
      },
      {
        "db": "PACKETSTORM",
        "id": "102606"
      },
      {
        "db": "PACKETSTORM",
        "id": "99337"
      },
      {
        "db": "PACKETSTORM",
        "id": "100045"
      },
      {
        "db": "PACKETSTORM",
        "id": "100081"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0191"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-111"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48136"
      },
      {
        "date": "2011-03-02T00:00:00",
        "db": "BID",
        "id": "46657"
      },
      {
        "date": "2011-04-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      },
      {
        "date": "2011-04-04T16:47:55",
        "db": "PACKETSTORM",
        "id": "100027"
      },
      {
        "date": "2011-03-07T16:03:11",
        "db": "PACKETSTORM",
        "id": "99031"
      },
      {
        "date": "2011-06-27T23:06:48",
        "db": "PACKETSTORM",
        "id": "102606"
      },
      {
        "date": "2011-03-15T20:48:58",
        "db": "PACKETSTORM",
        "id": "99337"
      },
      {
        "date": "2011-04-04T18:31:39",
        "db": "PACKETSTORM",
        "id": "100045"
      },
      {
        "date": "2011-04-05T09:58:27",
        "db": "PACKETSTORM",
        "id": "100081"
      },
      {
        "date": "2011-03-03T20:00:02.627000",
        "db": "NVD",
        "id": "CVE-2011-0191"
      },
      {
        "date": "2011-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201103-111"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48136"
      },
      {
        "date": "2011-05-17T16:42:00",
        "db": "BID",
        "id": "46657"
      },
      {
        "date": "2011-04-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      },
      {
        "date": "2014-02-21T04:39:23.877000",
        "db": "NVD",
        "id": "CVE-2011-0191"
      },
      {
        "date": "2011-07-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201103-111"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "100045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-111"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product  LibTIFF Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001351"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-111"
      }
    ],
    "trust": 0.6
  }
}

var-200412-0902
Vulnerability from variot

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing an attacker to execute arbitrary commands. LibTIFF Library TIFFFetchStripThing() Perform memory allocation in functions CheckMalloc() An integer overflow vulnerability exists due to a flaw in the validation of the value passed to the function.LibTIFF Arbitrary code may be executed with the execution authority of the application that uses the library

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0902",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sun",
        "version": "10.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sun",
        "version": "8.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "3.7.0"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "conectiva",
        "version": "9.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "3.6.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "3.5.5"
      },
      {
        "model": "sunos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "5.7"
      },
      {
        "model": "modular messaging message storage server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "icontrol service manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.3.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "3.6.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "call management system server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "11.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.7"
      },
      {
        "model": "call management system server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "12.0"
      },
      {
        "model": "unixware",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sco",
        "version": "7.1.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "icontrol service manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.3.6"
      },
      {
        "model": "interactive response",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "1.2.1"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.7"
      },
      {
        "model": "interactive response",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "1.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.8"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "10.0"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "conectiva",
        "version": "10.0"
      },
      {
        "model": "mn100",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.6"
      },
      {
        "model": "interactive response",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "modular messaging message storage server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gentoo",
        "version": "*"
      },
      {
        "model": "icontrol service manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.3.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "mandrake linux corporate server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "intuity audix lx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "icontrol service manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "3.5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "sunos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "5.8"
      },
      {
        "model": "integrated management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sun",
        "version": "9.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "3.5.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "3.5.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.5"
      },
      {
        "model": "call management system server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "cvlan",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "*"
      },
      {
        "model": "call management system server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "call management system server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avaya",
        "version": "13.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "3.5.1"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.3.9"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.3.9"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7.0 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7.0 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000574"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1307"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:avaya:call_management_system_server:13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:call_management_system_server:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:icontrol_service_manager:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:icontrol_service_manager:1.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:call_management_system_server:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:call_management_system_server:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:interactive_response:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:interactive_response:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:call_management_system_server:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:cvlan:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:icontrol_service_manager:1.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:icontrol_service_manager:1.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1307"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovery credited to infamous41md[at]hotpop.com.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-081"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-1307",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2004-1307",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-9737",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-1307",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#356070",
            "trust": 0.8,
            "value": "22.31"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#539110",
            "trust": 0.8,
            "value": "5.04"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#706838",
            "trust": 0.8,
            "value": "9.38"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200412-081",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-9737",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000574"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1307"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing an attacker to execute arbitrary commands. LibTIFF Library TIFFFetchStripThing() Perform memory allocation in functions CheckMalloc() An integer overflow vulnerability exists due to a flaw in the validation of the value passed to the function.LibTIFF Arbitrary code may be executed with the execution authority of the application that uses the library",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1307"
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000574"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9737"
      }
    ],
    "trust": 3.87
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#539110",
        "trust": 3.3
      },
      {
        "db": "USCERT",
        "id": "TA05-136A",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1307",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "15227",
        "trust": 2.4
      },
      {
        "db": "OSVDB",
        "id": "16084",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "13502",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1012651",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "13607",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "16085",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1013887",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000574",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-081",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA05-136A",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:11175",
        "trust": 0.6
      },
      {
        "db": "SUNALERT",
        "id": "101677",
        "trust": 0.6
      },
      {
        "db": "SUNALERT",
        "id": "201072",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2005-05-03",
        "trust": 0.6
      },
      {
        "db": "IDEFENSE",
        "id": "20041221 LIBTIFF STRIPOFFSETS INTEGER OVERFLOW VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-9737",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000574"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1307"
      }
    ]
  },
  "id": "VAR-200412-0902",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9737"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:51:12.187000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Update 2005-005",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=301528"
      },
      {
        "title": "Security Update 2005-005",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/jarticle.html?artnum=301528"
      },
      {
        "title": "RHSA-2004:577",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-577.html"
      },
      {
        "title": "101677",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
      },
      {
        "title": "RHSA-2004:577",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-577j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000574"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1307"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta05-136a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/539110"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/15227/"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2005/may/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
      },
      {
        "trust": 1.7,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
      },
      {
        "trust": 1.6,
        "url": "http://docs.info.apple.com/article.html?artnum=301528"
      },
      {
        "trust": 1.6,
        "url": "http://www.idefense.com/application/poi/display?id=173\u0026type=vulnerabilities\u0026flashstatus=true"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11175"
      },
      {
        "trust": 0.8,
        "url": "http://remahl.se/david/vuln/011/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/13502/"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=16084"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2004/dec/1012651.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.idefense.com/application/poi/display?id=173\u0026type=vulnerabilities"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/13607/"
      },
      {
        "trust": 0.8,
        "url": "http://www.idefense.com/application/poi/display?id=240\u0026type=vulnerabilities"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.org/bid/13488"
      },
      {
        "trust": 0.8,
        "url": "http://www.securitytracker.com/alerts/2005/may/1013887.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=16085"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1307"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/wr/2005/wr052001.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta05-136a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta05-136a/"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1307"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:11175"
      },
      {
        "trust": 0.1,
        "url": "http://www.idefense.com/application/poi/display?id=173\u0026amp;type=vulnerabilities\u0026amp;flashstatus=true"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000574"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1307"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000574"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1307"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "date": "2005-01-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "date": "2005-05-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "date": "2004-12-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9737"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000574"
      },
      {
        "date": "2004-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-081"
      },
      {
        "date": "2004-12-21T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-1307"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "date": "2005-08-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "date": "2005-05-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9737"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000574"
      },
      {
        "date": "2009-02-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-081"
      },
      {
        "date": "2018-10-30T16:26:22.763000",
        "db": "NVD",
        "id": "CVE-2004-1307"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-081"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Terminal fails to properly sanitize input for \"x-man-page\" URI",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-081"
      }
    ],
    "trust": 0.6
  }
}

var-200412-0007
Vulnerability from variot

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. libtiff of tif_next.c , tif_thunder.c , tif_luv.c In RLE In the process of decompressing a compressed file, a buffer overflow vulnerability exists due to improper bounds checking.Crafted by a third party TIFF Format image files LibTIFF Interpretation via applications and components that use the library will cause the application to crash and cause denial of service (DoS) It may be possible to run into arbitrary code with the privileges of the target user. LibTIFF is affected by multiple buffer-overflow vulnerabilities because the software fails to properly perform boundary checks before copying user-supplied strings into finite process buffers. An attacker may leverage these issues to execute arbitrary code on a vulnerable computer with the privileges of the user running a vulnerable application, facilitating unauthorized access. The attacker may also leverage these issues to crash the affected application. libtiff is an application library responsible for encoding/decoding TIFF image format. kfax is a small tool for displaying FAX files, using the libtiff library. There is a problem with libtiff when processing fax files. kfax calls the libtiff library to process .g3 files. Attackers can build malformed .g3 files and entice users to process them, which can lead to buffer overflows. Carefully constructed file data may execute arbitrary instructions with user process privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Debian Security Advisory DSA 567-1 security@debian.org http://www.debian.org/security/ Martin Schulze October 15th, 2004 http://www.debian.org/security/faq


Package : tiff Vulnerability : heap overflows Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0803 CAN-2004-0804 CAN-2004-0886

Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files.

CAN-2004-0804

Matthias Clasen discovered a division by zero through an integer
overflow.

CAN-2004-0886

Dmitry V. Levin discovered several integer overflows that caused
malloc issues which can result to either plain crash or memory
corruption.

For the stable distribution (woody) these problems have been fixed in version 3.5.5-6woody1.

For the unstable distribution (sid) these problems have been fixed in version 3.6.1-2.

We recommend that you upgrade your libtiff package.

Upgrade Instructions


wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.dsc
  Size/MD5 checksum:      635 11a374e916d818c05a373feb04cab6a0
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.diff.gz
  Size/MD5 checksum:    36717 6f4d137f7c935d57757313a610dbd389
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
  Size/MD5 checksum:   693641 3b7199ba793dec6ca88f38bb0c8cc4d8

Alpha architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_alpha.deb
  Size/MD5 checksum:   141424 18b6e6b621178c1419de8a13a0a62366
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_alpha.deb
  Size/MD5 checksum:   105148 875257fb73ba05a575d06650c130a545
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_alpha.deb
  Size/MD5 checksum:   423194 9796f3e82553cedb237f1b574570f143

ARM architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_arm.deb
  Size/MD5 checksum:   116928 5ed91b9586d830e8da9a5086fc5a6e76
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_arm.deb
  Size/MD5 checksum:    90466 f04c381a418fd33602d1ba30158597d3
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_arm.deb
  Size/MD5 checksum:   404262 30f13bfdf54cfca30ee5ca0f6c6d0e4e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_i386.deb
  Size/MD5 checksum:   112068 d15dfdf84f010be08799d456726e1d9d
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_i386.deb
  Size/MD5 checksum:    81054 293f5c99f0a589917257ec7fee0b92fe
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_i386.deb
  Size/MD5 checksum:   387052 9606adb1668decf5ac1ee02a94298e85

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_ia64.deb
  Size/MD5 checksum:   158774 80c1b7ad68ecc78091ea95414125e81c
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_ia64.deb
  Size/MD5 checksum:   135386 b17f87aa0ad98fc50aa8c137a6f5089c
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_ia64.deb
  Size/MD5 checksum:   446496 757f3b6cc9d3f1ec5a2dfb1c3485caf3

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_hppa.deb
  Size/MD5 checksum:   128298 46dece015f0282bca0af7f6e740e9d31
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_hppa.deb
  Size/MD5 checksum:   106788 b837005b41c54c341cbd61e8fdb581ff
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_hppa.deb
  Size/MD5 checksum:   420346 3a2b91ee22af99eec3ab42d81cf9d59f

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_m68k.deb
  Size/MD5 checksum:   107302 0c702a3e5c2ad7ad7bd96dae64fa2d61
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_m68k.deb
  Size/MD5 checksum:    79770 d67f4347d35bf898a6ab1914cb53a42f
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_m68k.deb
  Size/MD5 checksum:   380218 42e6f07cf2e70de01ca40ac4a97254bf

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mips.deb
  Size/MD5 checksum:   124048 85d8c8cbb62cc62c876bf4ed721027cf
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mips.deb
  Size/MD5 checksum:    87840 5f3312f22b0f345c7eae434f5b871993
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mips.deb
  Size/MD5 checksum:   410770 be817ddffa91c423b55fda3388d7ce48

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mipsel.deb
  Size/MD5 checksum:   123558 42594e9270de16ff802c11eccf7a0efb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mipsel.deb
  Size/MD5 checksum:    88198 a8f0abe9205431caf94dce77d11ac477
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mipsel.deb
  Size/MD5 checksum:   410860 68a12ef6d37fc575105c4ceb9b766949

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_powerpc.deb
  Size/MD5 checksum:   116042 2258da94549ae05ffae643bc40790487
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_powerpc.deb
  Size/MD5 checksum:    89424 c8d782561a299ffb65ea84b59d88117a
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_powerpc.deb
  Size/MD5 checksum:   402372 1eca24adda52b40c7a8d789fdeb3cb2e

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_s390.deb
  Size/MD5 checksum:   116870 dcddc86a0d96296c07076391adc9d754
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_s390.deb
  Size/MD5 checksum:    91742 40c1de704b191e4abb65af8a4b7fd75d
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_s390.deb
  Size/MD5 checksum:   395332 86d351b75f1f146ddad6d562ca77005c

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_sparc.deb
  Size/MD5 checksum:   132888 9ed9db78d727ba8bfbb25c1e68b03bf2
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_sparc.deb
  Size/MD5 checksum:    88556 a4069600bd9295a27d4eb6e9e0995495
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_sparc.deb
  Size/MD5 checksum:   397026 149e12055c5711129552fa938b5af431

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBcA4UW5ql+IAeqTIRAgMFAKC3Kbs2MxW5XlOa3aK9oo76W8wt9gCfXzyA fD+15yHAK6bw15bB4ejaGV8= =KPqY -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0007",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "trustix",
        "version": "2.1"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "trustix",
        "version": "1.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "8.1"
      },
      {
        "model": "pdf library",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "pdflib",
        "version": "5.0.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.6.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.6.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.5"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.3.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.2.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.2.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.2.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.6"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "1.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.8"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "8.2"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "10.0"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.4"
      },
      {
        "model": "wxgtk2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wxgtk2",
        "version": "2.5_.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.5"
      },
      {
        "model": "fedora core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "core_2.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7.0 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7.0 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "wxgtk2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wxgtk2",
        "version": "2.5.0"
      },
      {
        "model": "wxgtk2",
        "scope": null,
        "trust": 0.3,
        "vendor": "wxgtk2",
        "version": null
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "tetex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tetex",
        "version": "1.0.7"
      },
      {
        "model": "tetex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tetex",
        "version": "1.0.6"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.0"
      },
      {
        "model": "solaris 9 x86 update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "9"
      },
      {
        "model": "solaris 8 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 8 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 7.0 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 10.0 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "unixware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "7.1.4"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "linux mandrake amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "do not use",
        "scope": null,
        "trust": 0.3,
        "vendor": "libtiff",
        "version": null
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "modular messaging s3400",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mn100",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "pdf library p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pdflib",
        "version": "5.0.4"
      },
      {
        "model": "kde",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3.2"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#948752"
      },
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000443"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-097"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pdflib:pdf_library:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wxgtk2:wxgtk2:2.5_.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0803"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Evans\u203b chris@ferret.lmh.ox.ac.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-097"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-0803",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2004-0803",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-9233",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-0803",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#948752",
            "trust": 0.8,
            "value": "7.43"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200412-097",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-9233",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#948752"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000443"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-097"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. libtiff of tif_next.c , tif_thunder.c , tif_luv.c In RLE In the process of decompressing a compressed file, a buffer overflow vulnerability exists due to improper bounds checking.Crafted by a third party TIFF Format image files LibTIFF Interpretation via applications and components that use the library will cause the application to crash and cause denial of service (DoS) It may be possible to run into arbitrary code with the privileges of the target user. LibTIFF is affected by multiple buffer-overflow vulnerabilities because the software fails to properly perform boundary checks before copying user-supplied strings into finite process buffers. \nAn attacker may leverage these issues to execute arbitrary code on a vulnerable computer with the privileges of the user running a vulnerable application, facilitating unauthorized access.  The attacker may also leverage these issues to crash the affected application. libtiff is an application library responsible for encoding/decoding TIFF image format. kfax is a small tool for displaying FAX files, using the libtiff library. There is a problem with libtiff when processing fax files. kfax calls the libtiff library to process .g3 files. Attackers can build malformed .g3 files and entice users to process them, which can lead to buffer overflows. Carefully constructed file data may execute arbitrary instructions with user process privileges. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 567-1                     security@debian.org\nhttp://www.debian.org/security/                             Martin Schulze\nOctober 15th, 2004                      http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage        : tiff\nVulnerability  : heap overflows\nProblem-Type   : remote\nDebian-specific: no\nCVE ID         : CAN-2004-0803 CAN-2004-0804 CAN-2004-0886\n\nSeveral problems have been discovered in libtiff, the Tag Image File\nFormat library for processing TIFF graphics files. \n\nCAN-2004-0804\n\n    Matthias Clasen discovered a division by zero through an integer\n    overflow. \n\nCAN-2004-0886\n\n    Dmitry V. Levin discovered several integer overflows that caused\n    malloc issues which can result to either plain crash or memory\n    corruption. \n\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 3.5.5-6woody1. \n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.6.1-2. \n\nWe recommend that you upgrade your libtiff package. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n        will update the internal database\napt-get upgrade\n        will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n  Source archives:\n\n    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.dsc\n      Size/MD5 checksum:      635 11a374e916d818c05a373feb04cab6a0\n    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.diff.gz\n      Size/MD5 checksum:    36717 6f4d137f7c935d57757313a610dbd389\n    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz\n      Size/MD5 checksum:   693641 3b7199ba793dec6ca88f38bb0c8cc4d8\n\n  Alpha architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_alpha.deb\n      Size/MD5 checksum:   141424 18b6e6b621178c1419de8a13a0a62366\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_alpha.deb\n      Size/MD5 checksum:   105148 875257fb73ba05a575d06650c130a545\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_alpha.deb\n      Size/MD5 checksum:   423194 9796f3e82553cedb237f1b574570f143\n\n  ARM architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_arm.deb\n      Size/MD5 checksum:   116928 5ed91b9586d830e8da9a5086fc5a6e76\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_arm.deb\n      Size/MD5 checksum:    90466 f04c381a418fd33602d1ba30158597d3\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_arm.deb\n      Size/MD5 checksum:   404262 30f13bfdf54cfca30ee5ca0f6c6d0e4e\n\n  Intel IA-32 architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_i386.deb\n      Size/MD5 checksum:   112068 d15dfdf84f010be08799d456726e1d9d\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_i386.deb\n      Size/MD5 checksum:    81054 293f5c99f0a589917257ec7fee0b92fe\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_i386.deb\n      Size/MD5 checksum:   387052 9606adb1668decf5ac1ee02a94298e85\n\n  Intel IA-64 architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_ia64.deb\n      Size/MD5 checksum:   158774 80c1b7ad68ecc78091ea95414125e81c\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_ia64.deb\n      Size/MD5 checksum:   135386 b17f87aa0ad98fc50aa8c137a6f5089c\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_ia64.deb\n      Size/MD5 checksum:   446496 757f3b6cc9d3f1ec5a2dfb1c3485caf3\n\n  HP Precision architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_hppa.deb\n      Size/MD5 checksum:   128298 46dece015f0282bca0af7f6e740e9d31\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_hppa.deb\n      Size/MD5 checksum:   106788 b837005b41c54c341cbd61e8fdb581ff\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_hppa.deb\n      Size/MD5 checksum:   420346 3a2b91ee22af99eec3ab42d81cf9d59f\n\n  Motorola 680x0 architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_m68k.deb\n      Size/MD5 checksum:   107302 0c702a3e5c2ad7ad7bd96dae64fa2d61\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_m68k.deb\n      Size/MD5 checksum:    79770 d67f4347d35bf898a6ab1914cb53a42f\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_m68k.deb\n      Size/MD5 checksum:   380218 42e6f07cf2e70de01ca40ac4a97254bf\n\n  Big endian MIPS architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mips.deb\n      Size/MD5 checksum:   124048 85d8c8cbb62cc62c876bf4ed721027cf\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mips.deb\n      Size/MD5 checksum:    87840 5f3312f22b0f345c7eae434f5b871993\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mips.deb\n      Size/MD5 checksum:   410770 be817ddffa91c423b55fda3388d7ce48\n\n  Little endian MIPS architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mipsel.deb\n      Size/MD5 checksum:   123558 42594e9270de16ff802c11eccf7a0efb\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mipsel.deb\n      Size/MD5 checksum:    88198 a8f0abe9205431caf94dce77d11ac477\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mipsel.deb\n      Size/MD5 checksum:   410860 68a12ef6d37fc575105c4ceb9b766949\n\n  PowerPC architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_powerpc.deb\n      Size/MD5 checksum:   116042 2258da94549ae05ffae643bc40790487\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_powerpc.deb\n      Size/MD5 checksum:    89424 c8d782561a299ffb65ea84b59d88117a\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_powerpc.deb\n      Size/MD5 checksum:   402372 1eca24adda52b40c7a8d789fdeb3cb2e\n\n  IBM S/390 architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_s390.deb\n      Size/MD5 checksum:   116870 dcddc86a0d96296c07076391adc9d754\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_s390.deb\n      Size/MD5 checksum:    91742 40c1de704b191e4abb65af8a4b7fd75d\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_s390.deb\n      Size/MD5 checksum:   395332 86d351b75f1f146ddad6d562ca77005c\n\n  Sun Sparc architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_sparc.deb\n      Size/MD5 checksum:   132888 9ed9db78d727ba8bfbb25c1e68b03bf2\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_sparc.deb\n      Size/MD5 checksum:    88556 a4069600bd9295a27d4eb6e9e0995495\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_sparc.deb\n      Size/MD5 checksum:   397026 149e12055c5711129552fa938b5af431\n\n\n  These files will probably be moved into the stable distribution on\n  its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.5 (GNU/Linux)\n\niD8DBQFBcA4UW5ql+IAeqTIRAgMFAKC3Kbs2MxW5XlOa3aK9oo76W8wt9gCfXzyA\nfD+15yHAK6bw15bB4ejaGV8=\n=KPqY\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0803"
      },
      {
        "db": "CERT/CC",
        "id": "VU#948752"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000443"
      },
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9233"
      },
      {
        "db": "PACKETSTORM",
        "id": "34737"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2004-0803",
        "trust": 3.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#948752",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "11406",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "12818",
        "trust": 2.5
      },
      {
        "db": "XF",
        "id": "17703",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1011667",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "10750",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000443",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-097",
        "trust": 0.7
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:100114",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:8896",
        "trust": 0.6
      },
      {
        "db": "SUSE",
        "id": "SUSE-SA:2004:038",
        "trust": 0.6
      },
      {
        "db": "MANDRAKE",
        "id": "MDKSA-2004:109",
        "trust": 0.6
      },
      {
        "db": "MANDRAKE",
        "id": "MDKSA-2005:052",
        "trust": 0.6
      },
      {
        "db": "SUNALERT",
        "id": "101677",
        "trust": 0.6
      },
      {
        "db": "SUNALERT",
        "id": "201072",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200410-11",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2005:021",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2004:577",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2005:354",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20041013 CESA-2004-006: LIBTIFF",
        "trust": 0.6
      },
      {
        "db": "CONECTIVA",
        "id": "CLA-2004:888",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-567",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "34684",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "34737",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-9233",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#948752"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9233"
      },
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000443"
      },
      {
        "db": "PACKETSTORM",
        "id": "34684"
      },
      {
        "db": "PACKETSTORM",
        "id": "34737"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-097"
      }
    ]
  },
  "id": "VAR-200412-0007",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9233"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:12:15.137000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "libtiff",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/data/libtiff.html"
      },
      {
        "title": "AXSA-2005-62:1",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=184"
      },
      {
        "title": "RHSA-2005:021",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2005-021.html"
      },
      {
        "title": "RHSA-2005:354",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2005-354.html"
      },
      {
        "title": "RHSA-2004:577",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-577.html"
      },
      {
        "title": "101677",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
      },
      {
        "title": "TLSA-2005-4",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2005/tlsa-2005-4.txt"
      },
      {
        "title": "RHSA-2005:021",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-021j.html"
      },
      {
        "title": "RHSA-2005:354",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-354j.html"
      },
      {
        "title": "RHSA-2004:577",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-577j.html"
      },
      {
        "title": "TLSA-2005-4",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2005/tlsa-2005-4j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000443"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0803"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://scary.beasts.org/security/cesa-2004-006.txt"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/11406"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/948752"
      },
      {
        "trust": 2.0,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
      },
      {
        "trust": 1.7,
        "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2004/dsa-567"
      },
      {
        "trust": 1.7,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:109"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:052"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-577.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-021.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-354.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/12818"
      },
      {
        "trust": 1.7,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
      },
      {
        "trust": 1.6,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/17703"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a100114"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8896"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17703"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=109778785107450\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2004/oct/1011667.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=10750"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0803"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0803"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23948752"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0803"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/12818/"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:8896"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=109778785107450\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:100114"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57769-1"
      },
      {
        "trust": 0.3,
        "url": "http://www.libtiff.org/"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-577.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-021.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-354.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2005-002_rhsa-2004-577.pdf"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/378421"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0803"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=109778785107450\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026amp;anuncio=000888"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_m68k.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0804"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://packages.debian.org/\u003cpkg\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0886"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_m68k.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_m68k.deb"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#948752"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9233"
      },
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000443"
      },
      {
        "db": "PACKETSTORM",
        "id": "34684"
      },
      {
        "db": "PACKETSTORM",
        "id": "34737"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-097"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#948752"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9233"
      },
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000443"
      },
      {
        "db": "PACKETSTORM",
        "id": "34684"
      },
      {
        "db": "PACKETSTORM",
        "id": "34737"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-097"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-12-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#948752"
      },
      {
        "date": "2004-12-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9233"
      },
      {
        "date": "2004-10-13T00:00:00",
        "db": "BID",
        "id": "11406"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000443"
      },
      {
        "date": "2004-10-20T02:32:00",
        "db": "PACKETSTORM",
        "id": "34684"
      },
      {
        "date": "2004-10-26T02:30:56",
        "db": "PACKETSTORM",
        "id": "34737"
      },
      {
        "date": "2004-12-23T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-0803"
      },
      {
        "date": "2004-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-097"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-03-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#948752"
      },
      {
        "date": "2017-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9233"
      },
      {
        "date": "2009-05-05T15:46:00",
        "db": "BID",
        "id": "11406"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000443"
      },
      {
        "date": "2017-10-11T01:29:34.373000",
        "db": "NVD",
        "id": "CVE-2004-0803"
      },
      {
        "date": "2009-02-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-097"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-097"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibTIFF contains multiple heap-based buffer overflows",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#948752"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-097"
      }
    ],
    "trust": 0.9
  }
}

var-201604-0195
Vulnerability from variot

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. LibTIFF is prone to a memory-corruption vulnerability. An attacker could exploit this issue to execute arbitrary code in the affected system. Failed exploit attempts may result in denial-of-service conditions. ============================================================================ Ubuntu Security Notice USN-2939-1 March 23, 2016

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libtiff5 4.0.3-12.3ubuntu2.1

Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.4

Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.9

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 =====================================================================

  1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

  • Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

ppc64: libtiff-4.0.3-25.el7_2.ppc.rpm libtiff-4.0.3-25.el7_2.ppc64.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-devel-4.0.3-25.el7_2.ppc.rpm libtiff-devel-4.0.3-25.el7_2.ppc64.rpm

ppc64le: libtiff-4.0.3-25.el7_2.ppc64le.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm

s390x: libtiff-4.0.3-25.el7_2.s390.rpm libtiff-4.0.3-25.el7_2.s390x.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-devel-4.0.3-25.el7_2.s390.rpm libtiff-devel-4.0.3-25.el7_2.s390x.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-static-4.0.3-25.el7_2.ppc.rpm libtiff-static-4.0.3-25.el7_2.ppc64.rpm libtiff-tools-4.0.3-25.el7_2.ppc64.rpm

ppc64le: libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-static-4.0.3-25.el7_2.ppc64le.rpm libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm

s390x: libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-static-4.0.3-25.el7_2.s390.rpm libtiff-static-4.0.3-25.el7_2.s390x.rpm libtiff-tools-4.0.3-25.el7_2.s390x.rpm

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb H5YX3gD3gJu8C4EadiP+wtg= =Z4gh -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .


Gentoo Linux Security Advisory GLSA 201701-16


                                       https://security.gentoo.org/

Severity: Normal Title: libTIFF: Multiple vulnerabilities Date: January 09, 2017 Bugs: #484542, #534108, #538318, #561880, #572876, #585274, #585508, #599746 ID: 201701-16


Synopsis

Multiple vulnerabilities have been found in libTIFF, the worst of which may allow execution of arbitrary code. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Please review the CVE identifier and bug reports referenced for details.

Workaround

There is no known workaround at this time.

Resolution

All libTIFF users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7"

References

[ 1 ] CVE-2013-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243 [ 2 ] CVE-2014-8127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127 [ 3 ] CVE-2014-8128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128 [ 4 ] CVE-2014-8129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129 [ 5 ] CVE-2014-8130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130 [ 6 ] CVE-2014-9330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330 [ 7 ] CVE-2014-9655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655 [ 8 ] CVE-2015-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547 [ 9 ] CVE-2015-7313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313 [ 10 ] CVE-2015-7554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554 [ 11 ] CVE-2015-8665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665 [ 12 ] CVE-2015-8668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668 [ 13 ] CVE-2015-8683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683 [ 14 ] CVE-2015-8781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781 [ 15 ] CVE-2015-8782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782 [ 16 ] CVE-2015-8783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783 [ 17 ] CVE-2015-8784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784 [ 18 ] CVE-2016-3186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186 [ 19 ] CVE-2016-3619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619 [ 20 ] CVE-2016-3620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620 [ 21 ] CVE-2016-3621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621 [ 22 ] CVE-2016-3622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622 [ 23 ] CVE-2016-3623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623 [ 24 ] CVE-2016-3624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624 [ 25 ] CVE-2016-3625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625 [ 26 ] CVE-2016-3631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631 [ 27 ] CVE-2016-3632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632 [ 28 ] CVE-2016-3633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633 [ 29 ] CVE-2016-3634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634 [ 30 ] CVE-2016-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658 [ 31 ] CVE-2016-3945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945 [ 32 ] CVE-2016-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990 [ 33 ] CVE-2016-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991 [ 34 ] CVE-2016-5102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102 [ 35 ] CVE-2016-5314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314 [ 36 ] CVE-2016-5315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315 [ 37 ] CVE-2016-5316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316 [ 38 ] CVE-2016-5317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317 [ 39 ] CVE-2016-5318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318 [ 40 ] CVE-2016-5319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319 [ 41 ] CVE-2016-5320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320 [ 42 ] CVE-2016-5321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321 [ 43 ] CVE-2016-5322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322 [ 44 ] CVE-2016-5323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323 [ 45 ] CVE-2016-5652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652 [ 46 ] CVE-2016-5875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875 [ 47 ] CVE-2016-6223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223 [ 48 ] CVE-2016-8331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331 [ 49 ] CVE-2016-9273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273 [ 50 ] CVE-2016-9297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297 [ 51 ] CVE-2016-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318 [ 52 ] CVE-2016-9448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448 [ 53 ] CVE-2016-9453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453 [ 54 ] CVE-2016-9532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--

. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.

For the oldstable distribution (wheezy), these problems have been fixed in version 4.0.2-6+deb7u5.

For the stable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 4.0.6-1.

For the unstable distribution (sid), these problems have been fixed in version 4.0.6-1.

We recommend that you upgrade your tiff packages. 6) - i386, x86_64

3

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0195",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "libtiff",
        "scope": null,
        "trust": 1.4,
        "vendor": "libtiff",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "libtiff",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "4.0.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "gnu/linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "gnu/linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip aam build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "big-ip aam hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "big-ip aam hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.24"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "-0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip aam hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.22"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.36"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip aam hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.34"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.26"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "big-ip aam hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "big-ip aam hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.21"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.31"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip aam hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip aam hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.3"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "81696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8784"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8784"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Salvatore Bonaccorso",
    "sources": [
      {
        "db": "BID",
        "id": "81696"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-8784",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-8784",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-8784",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-8784",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-074",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-8784",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-8784"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8784"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. LibTIFF is prone to a memory-corruption vulnerability. \nAn attacker could exploit this issue to execute arbitrary code in the  affected system. Failed exploit  attempts may result in  denial-of-service conditions. ============================================================================\nUbuntu Security Notice USN-2939-1\nMarch 23, 2016\n\ntiff vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nLibTIFF could be made to crash or run programs as your login if it opened a\nspecially crafted file. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libtiff5                        4.0.3-12.3ubuntu2.1\n\nUbuntu 14.04 LTS:\n  libtiff5                        4.0.3-7ubuntu0.4\n\nUbuntu 12.04 LTS:\n  libtiff4                        3.9.5-2ubuntu1.9\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: libtiff security update\nAdvisory ID:       RHSA-2016:1546-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1546.html\nIssue date:        2016-08-02\nCVE Names:         CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 \n                   CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 \n                   CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 \n                   CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 \n                   CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 \n                   CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 \n                   CVE-2016-5320 \n=====================================================================\n\n1. Summary:\n\nAn update for libtiff is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files. \n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. A remote attacker could\nexploit these flaws to cause a crash or memory corruption and, possibly,\nexecute arbitrary code by tricking an application linked against libtiff\ninto processing specially crafted files. (CVE-2014-9655, CVE-2015-1547,\nCVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,\nCVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,\npal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,\ntiff2rgba). By tricking a user into processing a specially crafted file, a\nremote attacker could exploit these flaws to cause a crash or memory\ncorruption and, possibly, execute arbitrary code with the privileges of the\nuser running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,\nCVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,\nCVE-2016-3945, CVE-2016-3991)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running applications linked against libtiff must be restarted for this\nupdate to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nppc64:\nlibtiff-4.0.3-25.el7_2.ppc.rpm\nlibtiff-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc64.rpm\n\nppc64le:\nlibtiff-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc64le.rpm\n\ns390x:\nlibtiff-4.0.3-25.el7_2.s390.rpm\nlibtiff-4.0.3-25.el7_2.s390x.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm\nlibtiff-devel-4.0.3-25.el7_2.s390.rpm\nlibtiff-devel-4.0.3-25.el7_2.s390x.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-tools-4.0.3-25.el7_2.ppc64.rpm\n\nppc64le:\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-tools-4.0.3-25.el7_2.ppc64le.rpm\n\ns390x:\nlibtiff-debuginfo-4.0.3-25.el7_2.s390.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm\nlibtiff-static-4.0.3-25.el7_2.s390.rpm\nlibtiff-static-4.0.3-25.el7_2.s390x.rpm\nlibtiff-tools-4.0.3-25.el7_2.s390x.rpm\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8127\nhttps://access.redhat.com/security/cve/CVE-2014-8129\nhttps://access.redhat.com/security/cve/CVE-2014-8130\nhttps://access.redhat.com/security/cve/CVE-2014-9330\nhttps://access.redhat.com/security/cve/CVE-2014-9655\nhttps://access.redhat.com/security/cve/CVE-2015-1547\nhttps://access.redhat.com/security/cve/CVE-2015-7554\nhttps://access.redhat.com/security/cve/CVE-2015-8665\nhttps://access.redhat.com/security/cve/CVE-2015-8668\nhttps://access.redhat.com/security/cve/CVE-2015-8683\nhttps://access.redhat.com/security/cve/CVE-2015-8781\nhttps://access.redhat.com/security/cve/CVE-2015-8782\nhttps://access.redhat.com/security/cve/CVE-2015-8783\nhttps://access.redhat.com/security/cve/CVE-2015-8784\nhttps://access.redhat.com/security/cve/CVE-2016-3632\nhttps://access.redhat.com/security/cve/CVE-2016-3945\nhttps://access.redhat.com/security/cve/CVE-2016-3990\nhttps://access.redhat.com/security/cve/CVE-2016-3991\nhttps://access.redhat.com/security/cve/CVE-2016-5320\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb\nH5YX3gD3gJu8C4EadiP+wtg=\n=Z4gh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201701-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: libTIFF: Multiple vulnerabilities\n     Date: January 09, 2017\n     Bugs: #484542, #534108, #538318, #561880, #572876, #585274,\n           #585508, #599746\n       ID: 201701-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libTIFF, the worst of which\nmay allow execution of arbitrary code. It is called by numerous programs, including GNOME\nand KDE applications, to interpret TIFF images. Please review\nthe CVE identifier and bug reports referenced for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libTIFF users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/tiff-4.0.7\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-4243\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243\n[  2 ] CVE-2014-8127\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127\n[  3 ] CVE-2014-8128\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128\n[  4 ] CVE-2014-8129\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129\n[  5 ] CVE-2014-8130\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130\n[  6 ] CVE-2014-9330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330\n[  7 ] CVE-2014-9655\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655\n[  8 ] CVE-2015-1547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547\n[  9 ] CVE-2015-7313\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313\n[ 10 ] CVE-2015-7554\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554\n[ 11 ] CVE-2015-8665\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665\n[ 12 ] CVE-2015-8668\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668\n[ 13 ] CVE-2015-8683\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683\n[ 14 ] CVE-2015-8781\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781\n[ 15 ] CVE-2015-8782\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782\n[ 16 ] CVE-2015-8783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783\n[ 17 ] CVE-2015-8784\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784\n[ 18 ] CVE-2016-3186\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186\n[ 19 ] CVE-2016-3619\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619\n[ 20 ] CVE-2016-3620\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620\n[ 21 ] CVE-2016-3621\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621\n[ 22 ] CVE-2016-3622\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622\n[ 23 ] CVE-2016-3623\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623\n[ 24 ] CVE-2016-3624\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624\n[ 25 ] CVE-2016-3625\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625\n[ 26 ] CVE-2016-3631\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631\n[ 27 ] CVE-2016-3632\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632\n[ 28 ] CVE-2016-3633\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633\n[ 29 ] CVE-2016-3634\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634\n[ 30 ] CVE-2016-3658\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658\n[ 31 ] CVE-2016-3945\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945\n[ 32 ] CVE-2016-3990\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990\n[ 33 ] CVE-2016-3991\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991\n[ 34 ] CVE-2016-5102\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102\n[ 35 ] CVE-2016-5314\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314\n[ 36 ] CVE-2016-5315\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315\n[ 37 ] CVE-2016-5316\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316\n[ 38 ] CVE-2016-5317\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317\n[ 39 ] CVE-2016-5318\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318\n[ 40 ] CVE-2016-5319\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319\n[ 41 ] CVE-2016-5320\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320\n[ 42 ] CVE-2016-5321\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321\n[ 43 ] CVE-2016-5322\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322\n[ 44 ] CVE-2016-5323\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323\n[ 45 ] CVE-2016-5652\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652\n[ 46 ] CVE-2016-5875\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875\n[ 47 ] CVE-2016-6223\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223\n[ 48 ] CVE-2016-8331\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331\n[ 49 ] CVE-2016-9273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273\n[ 50 ] CVE-2016-9297\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297\n[ 51 ] CVE-2016-9318\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318\n[ 52 ] CVE-2016-9448\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448\n[ 53 ] CVE-2016-9453\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453\n[ 54 ] CVE-2016-9532\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--\n\n. Multiple out-of-bounds read and write flaws could cause an\napplication using the tiff library to crash. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 4.0.2-6+deb7u5. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 4.0.6-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.6-1. \n\nWe recommend that you upgrade your tiff packages. 6) - i386, x86_64\n\n3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8784"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      },
      {
        "db": "BID",
        "id": "81696"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8784"
      },
      {
        "db": "PACKETSTORM",
        "id": "136385"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "135662"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8784",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "81696",
        "trust": 2.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/01/24/4",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/01/24/8",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007063",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-074",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8784",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136385",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138137",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140402",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135662",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138138",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-8784"
      },
      {
        "db": "BID",
        "id": "81696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      },
      {
        "db": "PACKETSTORM",
        "id": "136385"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "135662"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8784"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ]
  },
  "id": "VAR-201604-0195",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44532526
  },
  "last_update_date": "2023-12-18T10:53:49.464000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug 2508",
        "trust": 0.8,
        "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2508"
      },
      {
        "title": "DSA-3467",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2016/dsa-3467"
      },
      {
        "title": "* libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()",
        "trust": 0.8,
        "url": "https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c"
      },
      {
        "title": "Silicon Graphics LibTiff\u0027NeXTDecode()\u0027 Fixes for function denial of service vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60064"
      },
      {
        "title": "Red Hat: CVE-2015-8784",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-8784"
      },
      {
        "title": "Ubuntu Security Notice: tiff vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2939-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: tiff: CVE-2015-8683: out-of-bounds read in CIE Lab image format",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=390434416e4acde3bf8b99e4da032c83"
      },
      {
        "title": "Debian CVElist Bug Report Logs: tiff: CVE-2015-8665: out-of-bound read in tif_getimage.c",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6ec319e5239f23b8cfa3b133cf8edbf4"
      },
      {
        "title": "Debian Security Advisories: DSA-3467-1 tiff -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a8a45052489cbaa9fb33682f27d831b9"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-734",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-734"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-733",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-733"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-8784"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8784"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2508"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/81696"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2939-1"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201701-16"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1547.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1546.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2016/01/24/4"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2016/01/24/8"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3467"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8784"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8784"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8782"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8781"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8683"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8784"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8665"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8783"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-8784"
      },
      {
        "trust": 0.3,
        "url": "http://www.libtiff.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024132"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024193"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2016/q1/191"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/89/sol89096577.html?sr=59127075"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3632"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8668"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7554"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9655"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9330"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1547"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8129"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9330"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3991"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8665"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8683"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3632"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3945"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8782"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3945"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8127"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8781"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5320"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9655"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-5320"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3990"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3991"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8130"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1547"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3990"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7554"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8668"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2939-1/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-12.3ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3625"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6223"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7313"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3990"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5319"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8127"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3619"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3634"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5321"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9655"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3633"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8782"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3632"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7554"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5875"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9318"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3622"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3631"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8784"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3624"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3623"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5314"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8331"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4243"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1547"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5317"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3621"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3631"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9330"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9297"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3620"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9453"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3620"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9273"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8128"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5316"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5652"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3991"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3621"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3623"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9448"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5315"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3186"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3622"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5102"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3658"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5323"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8130"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5322"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3625"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8665"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5318"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3633"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8668"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5320"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8683"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7313"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9532"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4243"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-8784"
      },
      {
        "db": "BID",
        "id": "81696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      },
      {
        "db": "PACKETSTORM",
        "id": "136385"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "135662"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8784"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-8784"
      },
      {
        "db": "BID",
        "id": "81696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      },
      {
        "db": "PACKETSTORM",
        "id": "136385"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "135662"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8784"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8784"
      },
      {
        "date": "2016-01-24T00:00:00",
        "db": "BID",
        "id": "81696"
      },
      {
        "date": "2016-04-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      },
      {
        "date": "2016-03-23T23:14:58",
        "db": "PACKETSTORM",
        "id": "136385"
      },
      {
        "date": "2016-08-02T23:00:03",
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "date": "2017-01-09T19:12:35",
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "date": "2016-02-08T18:25:00",
        "db": "PACKETSTORM",
        "id": "135662"
      },
      {
        "date": "2016-08-02T23:00:12",
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "date": "2016-04-13T17:59:06.490000",
        "db": "NVD",
        "id": "CVE-2015-8784"
      },
      {
        "date": "2016-01-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8784"
      },
      {
        "date": "2016-12-20T01:01:00",
        "db": "BID",
        "id": "81696"
      },
      {
        "date": "2016-04-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      },
      {
        "date": "2019-12-31T18:56:22.940000",
        "db": "NVD",
        "id": "CVE-2015-8784"
      },
      {
        "date": "2020-01-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136385"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibTIFF of  tif_next.c of  NeXTDecode Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007063"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-074"
      }
    ],
    "trust": 0.6
  }
}

var-201803-0086
Vulnerability from variot

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. LibTIFF Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibTIFF is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause the application to crash, denying service to legitimate users. A denial of service vulnerability exists in Silicon Graphics LibTiff version 4.0.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2015:147-1 http://www.mandriva.com/en/support/security/


Package : libtiff Date : March 30, 2015 Affected: Business Server 1.0


Problem Description:

Updated libtiff packages fix security vulnerabilities:

The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547).

Update:

Packages for Mandriva Business Server 1 are now being provided.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547 http://advisories.mageia.org/MGASA-2015-0112.html


Updated Packages:

Mandriva Business Server 1/X86_64: f8727a71ac4ec2d7d4f1b633d6953822 mbs1/x86_64/lib64tiff5-4.0.4-0.1.mbs1.x86_64.rpm 32cdb5ebbe9aa26837e492bbc226f6eb mbs1/x86_64/lib64tiff-devel-4.0.4-0.1.mbs1.x86_64.rpm 917c2cf43c35469c768e62f9b670efd0 mbs1/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs1.x86_64.rpm 36ff180f975358b530230a3c0bf6ee64 mbs1/x86_64/libtiff-progs-4.0.4-0.1.mbs1.x86_64.rpm abad0883b65d252bd62ca2ea163a0754 mbs1/SRPMS/libtiff-4.0.4-0.1.mbs1.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.

Background

The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 media-libs/tiff < 4.0.7 >= 4.0.7

Description

Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifier and bug reports referenced for details.

Workaround

There is no known workaround at this time.

Resolution

All libTIFF users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7"

References

[ 1 ] CVE-2013-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243 [ 2 ] CVE-2014-8127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127 [ 3 ] CVE-2014-8128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128 [ 4 ] CVE-2014-8129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129 [ 5 ] CVE-2014-8130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130 [ 6 ] CVE-2014-9330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330 [ 7 ] CVE-2014-9655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655 [ 8 ] CVE-2015-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547 [ 9 ] CVE-2015-7313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313 [ 10 ] CVE-2015-7554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554 [ 11 ] CVE-2015-8665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665 [ 12 ] CVE-2015-8668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668 [ 13 ] CVE-2015-8683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683 [ 14 ] CVE-2015-8781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781 [ 15 ] CVE-2015-8782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782 [ 16 ] CVE-2015-8783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783 [ 17 ] CVE-2015-8784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784 [ 18 ] CVE-2016-3186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186 [ 19 ] CVE-2016-3619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619 [ 20 ] CVE-2016-3620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620 [ 21 ] CVE-2016-3621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621 [ 22 ] CVE-2016-3622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622 [ 23 ] CVE-2016-3623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623 [ 24 ] CVE-2016-3624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624 [ 25 ] CVE-2016-3625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625 [ 26 ] CVE-2016-3631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631 [ 27 ] CVE-2016-3632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632 [ 28 ] CVE-2016-3633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633 [ 29 ] CVE-2016-3634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634 [ 30 ] CVE-2016-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658 [ 31 ] CVE-2016-3945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945 [ 32 ] CVE-2016-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990 [ 33 ] CVE-2016-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991 [ 34 ] CVE-2016-5102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102 [ 35 ] CVE-2016-5314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314 [ 36 ] CVE-2016-5315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315 [ 37 ] CVE-2016-5316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316 [ 38 ] CVE-2016-5317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317 [ 39 ] CVE-2016-5318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318 [ 40 ] CVE-2016-5319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319 [ 41 ] CVE-2016-5320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320 [ 42 ] CVE-2016-5321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321 [ 43 ] CVE-2016-5322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322 [ 44 ] CVE-2016-5323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323 [ 45 ] CVE-2016-5652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652 [ 46 ] CVE-2016-5875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875 [ 47 ] CVE-2016-6223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223 [ 48 ] CVE-2016-8331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331 [ 49 ] CVE-2016-9273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273 [ 50 ] CVE-2016-9297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297 [ 51 ] CVE-2016-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318 [ 52 ] CVE-2016-9448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448 [ 53 ] CVE-2016-9453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453 [ 54 ] CVE-2016-9532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--

.

For the oldstable distribution (wheezy), these problems have been fixed in version 4.0.2-6+deb7u4.

For the stable distribution (jessie), these problems have been fixed before the initial release.

We recommend that you upgrade your tiff packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-06-30-1 iOS 8.4

iOS 8.4 is now available and addresses the following:

Application Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious universal provisioning profile app may prevent apps from launching Description: An issue existed in the install logic for universal provisioning profile apps, which allowed a collision to occur with existing bundle IDs. CVE-ID CVE-2015-3722 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from FireEye, Inc. CVE-ID CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek

MobileInstallation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious universal provisioning profile app can prevent a Watch app from launching Description: An issue existed in the install logic for universal provisioning profile apps on the Watch which allowed a collision to occur with existing bundle IDs. CVE-ID CVE-2015-3725 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from FireEye, Inc.

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the filesystem Description: A state management issue existed in Safari that allowed unprivileged origins to access contents on the filesystem. CVE-ID CVE-2015-1155 : Joe Vennix of Rapid7 Inc. CVE-ID CVE-2015-3726 : Matt Spisak of Endgame

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: An issue existed in the handling of the rel attribute in anchor elements. Target objects could get unauthorized access to link objects. CVE-ID CVE-2015-3659 : Peter Rutenbar working with HP's Zero Day Initiative

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website can access the WebSQL databases of other websites Description: An issue existed in the authorization checks for renaming WebSQL tables which could have allowed a maliciously crafted website to access databases belonging to other websites. CVE-ID CVE-2015-3728 : Brian W. Gray of Carnegie Mellon University, Craig Young from TripWire

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

  • Navigate to Settings
  • Select General
  • Select About. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following:

Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A process may gain admin privileges without proper authentication Description: An issue existed when checking XPC entitlements. This issue was addressed through improved entitlement checking. CVE-ID CVE-2015-3671 : Emil Kvarnhammar at TrueSec

Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rights Description: An issue existed in the handling of user authentication. This issue was addressed through improved error checking. CVE-ID CVE-2015-3672 : Emil Kvarnhammar at TrueSec

Admin Framework Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may abuse Directory Utility to gain root privileges Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. This issue was addressed by limiting the disk location that writeconfig clients may be executed from. CVE-ID CVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec

afpserver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the AFP server. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3674 : Dean Jerkovich of NCC Group

apache Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. This issue was addressed by enabling mod_hfs_apple. CVE-ID CVE-2015-3675 : Apple

apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities exist in PHP, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.24 and 5.4.40. These were addressed by updating PHP to versions 5.5.24 and 5.4.40. CVE-ID CVE-2015-0235 CVE-2015-0273

AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3676 : Chen Liang of KEEN Team

AppleFSCompression Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in LZVN compression that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3677 : an anonymous researcher working with HP's Zero Day Initiative

AppleThunderboltEDMService Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the handling of certain Thunderbolt commands from local processes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3678 : Apple

ATS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in handling of certain fonts. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3682 : Nuode Wei

Bluetooth Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze Networks

Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may be able to intercept network traffic Description: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. Further details are available at https://support.apple.com/en-us/HT204938

Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.

CFNetwork HTTPAuthentication Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Following a maliciously crafted URL may lead to arbitrary code execution Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3684 : Apple

CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple

coreTLS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck

DiskImages Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-ID CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative

Display Drivers Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An issue existed in the Monitor Control Command Set kernel extension by which a userland process could control the value of a function pointer within the kernel. The issue was addressed by removing the affected interface. CVE-ID CVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze Networks

EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application with root privileges may be able to modify EFI flash memory Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca

EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates. CVE-ID CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)

FontParser Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team

Graphics Driver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds write issue existed in NVIDIA graphics driver. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3712 : Ian Beer of Google Project Zero

Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges Description: Multiple buffer overflow issues existed in the Intel graphics driver. These were addressed through additional bounds checks. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team

ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4. CVE-ID CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130

ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3703 : Apple

Install Framework Legacy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Several issues existed in how Install.framework's 'runner' setuid binary dropped privileges. This was addressed by properly dropping privileges. CVE-ID CVE-2015-3704 : Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOAcceleratorFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3705 : KEEN Team CVE-2015-3706 : KEEN Team

IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null pointer dereference issues existed in the FireWire driver. These issues were addressed through improved error checking. CVE-ID CVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze Networks

Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of APIs related to kernel extensions which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3720 : Stefan Esser

Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3721 : Ian Beer of Google Project Zero

kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to overwrite arbitrary files Description: kextd followed symbolic links while creating a new file. This issue was addressed through improved handling of symbolic links. CVE-ID CVE-2015-3708 : Ian Beer of Google Project Zero

kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A local user may be able to load unsigned kernel extensions Description: A time-of-check time-of-use (TOCTOU) race condition condition existed while validating the paths of kernel extensions. This issue was addressed through improved checks to validate the path of the kernel extensions. CVE-ID CVE-2015-3709 : Ian Beer of Google Project Zero

Mail Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content. CVE-ID CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek

ntfs Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in NTFS that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative

ntp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. These issues were addressed through improved connection state management. CVE-ID CVE-2015-1798 CVE-2015-1799

OpenSSL Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Multiple issues exist in OpenSSL, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers Description: Multiple issues existed in OpenSSL 0.9.8zd which were addressed by updating OpenSSL to version 0.9.8zf. CVE-ID CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293

QuickTime Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple

Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking. CVE-ID CVE-2013-1741

Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. This issue was addressed with improved resource validation. CVE-ID CVE-2015-3714 : Joshua Pitts of Leviathan Security Group

Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to bypass code signing checks Description: An issue existed where code signing did not verify libraries loaded outside the application bundle. This issue was addressed with improved bundle verification. CVE-ID CVE-2015-3715 : Patrick Wardle of Synack

Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Searching for a malicious file with Spotlight may lead to command injection Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. This issue was addressed through improved input validation. CVE-ID CVE-2015-3716 : Apple

SQLite Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in SQLite's printf implementation. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative

System Stats Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious app may be able to compromise systemstatsd Description: A type confusion issue existed in systemstatsd's handling of interprocess communication. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. The issue was addressed through additional type checking. CVE-ID CVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze Networks

TrueTypeScaler Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team

zip Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Extracting a maliciously crafted zip file using the unzip tool may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of zip files. These issues were addressed through improved memory handling. CVE-ID

CVE-2014-8139 CVE-2014-8140 CVE-2014-8141

OS X Yosemite 10.10.4 includes the security content of Safari 8.0.7. https://support.apple.com/en-us/HT204950

OS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue mFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7 kbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo EKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w aGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH cMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL U4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+ aftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U TUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC 3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J 1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI +gGm5FbAxjxElgA/gbaq =KLda -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0086",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "libtiff",
        "version": "4.0.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.10.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.10.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.10.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server eus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server tus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.24"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "64"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.22"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.36"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.34"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.26"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "ios for developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.21"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.31"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "72352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-700"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8129"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:ipad2:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:ipodtouch:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8129"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "William Robinet and american fuzzy lop",
    "sources": [
      {
        "db": "BID",
        "id": "72352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-700"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-8129",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-8129",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-76074",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2014-8129",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-8129",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201501-700",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-76074",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-8129",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76074"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-700"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8129"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. LibTIFF Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibTIFF is prone to multiple denial-of-service vulnerabilities. \nAn attacker can exploit these issues to cause the application to crash, denying service to legitimate users. A denial of service vulnerability exists in Silicon Graphics LibTiff version 4.0.3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                       MDVSA-2015:147-1\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : libtiff\n Date    : March 30, 2015\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated libtiff packages fix security vulnerabilities:\n \n The libtiff image decoder library contains several issues that\n could cause the decoder to crash when reading crafted TIFF images\n (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130,\n CVE-2014-9655, CVE-2015-1547). \n\n Update:\n\n Packages for Mandriva Business Server 1 are now being provided. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547\n http://advisories.mageia.org/MGASA-2015-0112.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n f8727a71ac4ec2d7d4f1b633d6953822  mbs1/x86_64/lib64tiff5-4.0.4-0.1.mbs1.x86_64.rpm\n 32cdb5ebbe9aa26837e492bbc226f6eb  mbs1/x86_64/lib64tiff-devel-4.0.4-0.1.mbs1.x86_64.rpm\n 917c2cf43c35469c768e62f9b670efd0  mbs1/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs1.x86_64.rpm\n 36ff180f975358b530230a3c0bf6ee64  mbs1/x86_64/libtiff-progs-4.0.4-0.1.mbs1.x86_64.rpm \n abad0883b65d252bd62ca2ea163a0754  mbs1/SRPMS/libtiff-4.0.4-0.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nBackground\n==========\n\nThe TIFF library contains encoding and decoding routines for the Tag\nImage File Format. It is called by numerous programs, including GNOME\nand KDE applications, to interpret TIFF images. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/tiff              \u003c 4.0.7                    \u003e= 4.0.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libTIFF. Please review\nthe CVE identifier and bug reports referenced for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libTIFF users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/tiff-4.0.7\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-4243\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243\n[  2 ] CVE-2014-8127\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127\n[  3 ] CVE-2014-8128\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128\n[  4 ] CVE-2014-8129\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129\n[  5 ] CVE-2014-8130\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130\n[  6 ] CVE-2014-9330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330\n[  7 ] CVE-2014-9655\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655\n[  8 ] CVE-2015-1547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547\n[  9 ] CVE-2015-7313\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313\n[ 10 ] CVE-2015-7554\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554\n[ 11 ] CVE-2015-8665\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665\n[ 12 ] CVE-2015-8668\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668\n[ 13 ] CVE-2015-8683\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683\n[ 14 ] CVE-2015-8781\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781\n[ 15 ] CVE-2015-8782\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782\n[ 16 ] CVE-2015-8783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783\n[ 17 ] CVE-2015-8784\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784\n[ 18 ] CVE-2016-3186\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186\n[ 19 ] CVE-2016-3619\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619\n[ 20 ] CVE-2016-3620\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620\n[ 21 ] CVE-2016-3621\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621\n[ 22 ] CVE-2016-3622\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622\n[ 23 ] CVE-2016-3623\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623\n[ 24 ] CVE-2016-3624\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624\n[ 25 ] CVE-2016-3625\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625\n[ 26 ] CVE-2016-3631\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631\n[ 27 ] CVE-2016-3632\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632\n[ 28 ] CVE-2016-3633\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633\n[ 29 ] CVE-2016-3634\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634\n[ 30 ] CVE-2016-3658\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658\n[ 31 ] CVE-2016-3945\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945\n[ 32 ] CVE-2016-3990\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990\n[ 33 ] CVE-2016-3991\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991\n[ 34 ] CVE-2016-5102\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102\n[ 35 ] CVE-2016-5314\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314\n[ 36 ] CVE-2016-5315\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315\n[ 37 ] CVE-2016-5316\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316\n[ 38 ] CVE-2016-5317\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317\n[ 39 ] CVE-2016-5318\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318\n[ 40 ] CVE-2016-5319\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319\n[ 41 ] CVE-2016-5320\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320\n[ 42 ] CVE-2016-5321\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321\n[ 43 ] CVE-2016-5322\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322\n[ 44 ] CVE-2016-5323\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323\n[ 45 ] CVE-2016-5652\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652\n[ 46 ] CVE-2016-5875\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875\n[ 47 ] CVE-2016-6223\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223\n[ 48 ] CVE-2016-8331\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331\n[ 49 ] CVE-2016-9273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273\n[ 50 ] CVE-2016-9297\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297\n[ 51 ] CVE-2016-9318\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318\n[ 52 ] CVE-2016-9448\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448\n[ 53 ] CVE-2016-9453\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453\n[ 54 ] CVE-2016-9532\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--\n\n. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 4.0.2-6+deb7u4. \n\nFor the stable distribution (jessie), these problems have been fixed\nbefore the initial release. \n\nWe recommend that you upgrade your tiff packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-1 iOS 8.4\n\niOS 8.4 is now available and addresses the following:\n\nApplication Store\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious universal provisioning profile app may prevent\napps from launching\nDescription:  An issue existed in the install logic for universal\nprovisioning profile apps, which allowed a collision to occur with\nexisting bundle IDs. \nCVE-ID\nCVE-2015-3722 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from\nFireEye, Inc. \nCVE-ID\nCVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek\n\nMobileInstallation\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious universal provisioning profile app can prevent a\nWatch app from launching\nDescription:  An issue existed in the install logic for universal\nprovisioning profile apps on the Watch which allowed a collision to\noccur with existing bundle IDs. \nCVE-ID\nCVE-2015-3725 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from\nFireEye, Inc. \n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may compromise user\ninformation on the filesystem\nDescription:  A state management issue existed in Safari that allowed\nunprivileged origins to access contents on the filesystem. \nCVE-ID\nCVE-2015-1155 : Joe Vennix of Rapid7 Inc. \nCVE-ID\nCVE-2015-3726 : Matt Spisak of Endgame\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website by clicking a link may lead to\nuser interface spoofing\nDescription:  An issue existed in the handling of the rel attribute\nin anchor elements. Target objects could get unauthorized access to\nlink objects. \nCVE-ID\nCVE-2015-3659 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A maliciously crafted website can access the WebSQL\ndatabases of other websites\nDescription:  An issue existed in the authorization checks for\nrenaming WebSQL tables which could have allowed a maliciously crafted\nwebsite to access databases belonging to other websites. \nCVE-ID\nCVE-2015-3728 : Brian W. Gray of Carnegie Mellon University, Craig\nYoung from TripWire\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\n2015-005\n\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\nand address the following:\n\nAdmin Framework\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A process may gain admin privileges without proper\nauthentication\nDescription:  An issue existed when checking XPC entitlements. This\nissue was addressed through improved entitlement checking. \nCVE-ID\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A non-admin user may obtain admin rights\nDescription:  An issue existed in the handling of user\nauthentication. This issue was addressed through improved error\nchecking. \nCVE-ID\nCVE-2015-3672 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker may abuse Directory Utility to gain root\nprivileges\nDescription:  Directory Utility was able to be moved and modified to\nachieve code execution within an entitled process. This issue was\naddressed by limiting the disk location that writeconfig clients may\nbe executed from. \nCVE-ID\nCVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec\n\nafpserver\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the AFP server. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3674 : Dean Jerkovich of NCC Group\n\napache\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker may be able to access directories that are\nprotected with HTTP authentication without knowing the correct\ncredentials\nDescription:  The default Apache configuration did not include\nmod_hfs_apple. If Apache was manually enabled and the configuration\nwas not changed, some files that should not be accessible might have\nbeen accessible using a specially crafted URL. This issue was\naddressed by enabling mod_hfs_apple. \nCVE-ID\nCVE-2015-3675 : Apple\n\napache\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple vulnerabilities exist in PHP, the most serious of\nwhich may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.5.24 and 5.4.40. These were addressed by updating PHP to\nversions 5.5.24 and 5.4.40. \nCVE-ID\nCVE-2015-0235\nCVE-2015-0273\n\nAppleGraphicsControl\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in AppleGraphicsControl which could\nhave led to the disclosure of kernel memory layout. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2015-3676 : Chen Liang of KEEN Team\n\nAppleFSCompression\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in LZVN compression that could have\nled to the disclosure of kernel memory content. This issue was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-3677 : an anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nAppleThunderboltEDMService\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the handling of\ncertain Thunderbolt commands from local processes. This issue was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-3678 : Apple\n\nATS\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in handling\nof certain fonts. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-3679 : Pawel Wylecial working with HP\u0027s Zero Day Initiative\nCVE-2015-3680 : Pawel Wylecial working with HP\u0027s Zero Day Initiative\nCVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3682 : Nuode Wei\n\nBluetooth\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the Bluetooth HCI\ninterface. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nCertificate Trust Policy\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker with a privileged network position may be able\nto intercept network traffic\nDescription:  An intermediate certificate was incorrectly issued by\nthe certificate authority CNNIC. This issue was addressed through the\naddition of a mechanism to trust only a subset of certificates issued\nprior to the mis-issuance of the intermediate. Further details are\navailable at https://support.apple.com/en-us/HT204938\n\nCertificate Trust Policy\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPAuthentication\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Following a maliciously crafted URL may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in handling of\ncertain URL credentials. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3684 : Apple\n\nCoreText\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted text file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of text files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1157\nCVE-2015-3685 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3689 : Apple\n\ncoreTLS\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  coreTLS accepted short ephemeral Diffie-Hellman (DH)\nkeys, as used in export-strength ephemeral DH cipher suites. This\nissue, also known as Logjam, allowed an attacker with a privileged\nnetwork position to downgrade security to 512-bit DH if the server\nsupported an export-strength ephemeral DH cipher suite. The issue was\naddressed by increasing the default minimum size allowed for DH\nephemeral keys to 768 bits. \nCVE-ID\nCVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck\n\nDiskImages\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An information disclosure issue existed in the\nprocessing of disk images. This issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2015-3690 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nDisplay Drivers\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An issue existed in the Monitor Control Command Set\nkernel extension by which a userland process could control the value\nof a function pointer within the kernel. The issue was addressed by\nremoving the affected interface. \nCVE-ID\nCVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nEFI\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application with root privileges may be able to\nmodify EFI flash memory\nDescription:  An insufficient locking issue existed with EFI flash\nwhen resuming from sleep states. This issue was addressed through\nimproved locking. \nCVE-ID\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\n\nEFI\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may induce memory corruption to\nescalate privileges\nDescription:  A disturbance error, also known as Rowhammer, exists\nwith some DDR3 RAM that could have led to memory corruption. This\nissue was mitigated by increasing memory refresh rates. \nCVE-ID\nCVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working\nfrom original research by Yoongu Kim et al (2014)\n\nFontParser\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team\n\nGraphics Driver\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An out of bounds write issue existed in NVIDIA graphics\ndriver. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2015-3712 : Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple buffer overflow issues exist in the Intel graphics\ndriver, the most serious of which may lead to arbitrary code\nexecution with system privileges\nDescription:  Multiple buffer overflow issues existed in the Intel\ngraphics driver. These were addressed through additional bounds\nchecks. \nCVE-ID\nCVE-2015-3695 : Ian Beer of Google Project Zero\nCVE-2015-3696 : Ian Beer of Google Project Zero\nCVE-2015-3697 : Ian Beer of Google Project Zero\nCVE-2015-3698 : Ian Beer of Google Project Zero\nCVE-2015-3699 : Ian Beer of Google Project Zero\nCVE-2015-3700 : Ian Beer of Google Project Zero\nCVE-2015-3701 : Ian Beer of Google Project Zero\nCVE-2015-3702 : KEEN Team\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple vulnerabilities existed in libtiff, the most\nserious of which may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in libtiff versions\nprior to 4.0.4. They were addressed by updating libtiff to version\n4.0.4. \nCVE-ID\nCVE-2014-8127\nCVE-2014-8128\nCVE-2014-8129\nCVE-2014-8130\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted .tiff file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\n.tiff files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-3703 : Apple\n\nInstall Framework Legacy\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Several issues existed in how Install.framework\u0027s\n\u0027runner\u0027 setuid binary dropped privileges. This was addressed by\nproperly dropping privileges. \nCVE-ID\nCVE-2015-3704 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple memory corruption issues existed in\nIOAcceleratorFamily. These issues were addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3705 : KEEN Team\nCVE-2015-3706 : KEEN Team\n\nIOFireWireFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple null pointer dereference issues existed in the\nFireWire driver. These issues were addressed through improved error\nchecking. \nCVE-ID\nCVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  A memory management issue existed in the handling of\nAPIs related to kernel extensions which could have led to the\ndisclosure of kernel memory layout. This issue was addressed through\nimproved memory management. \nCVE-ID\nCVE-2015-3720 : Stefan Esser\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  A memory management issue existed in the handling of\nHFS parameters which could have led to the disclosure of kernel\nmemory layout. This issue was addressed through improved memory\nmanagement. \nCVE-ID\nCVE-2015-3721 : Ian Beer of Google Project Zero\n\nkext tools\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to overwrite arbitrary\nfiles\nDescription:  kextd followed symbolic links while creating a new\nfile. This issue was addressed through improved handling of symbolic\nlinks. \nCVE-ID\nCVE-2015-3708 : Ian Beer of Google Project Zero\n\nkext tools\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A local user may be able to load unsigned kernel extensions\nDescription:  A time-of-check time-of-use (TOCTOU) race condition\ncondition existed while validating the paths of kernel extensions. \nThis issue was addressed through improved checks to validate the path\nof the kernel extensions. \nCVE-ID\nCVE-2015-3709 : Ian Beer of Google Project Zero\n\nMail\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A maliciously crafted email can replace the message content\nwith an arbitrary webpage when the message is viewed\nDescription:  An issue existed in the support for HTML email which\nallowed message content to be refreshed with an arbitrary webpage. \nThe issue was addressed through restricted support for HTML content. \nCVE-ID\nCVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek\n\nntfs\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in NTFS that could have led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-3711 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nntp\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker in a privileged position may be able to perform\na denial of service attack against two ntp clients\nDescription:  Multiple issues existed in the authentication of ntp\npackets being received by configured end-points. These issues were\naddressed through improved connection state management. \nCVE-ID\nCVE-2015-1798\nCVE-2015-1799\n\nOpenSSL\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple issues exist in OpenSSL, including one that may\nallow an attacker to intercept connections to a server that supports\nexport-grade ciphers\nDescription:  Multiple issues existed in OpenSSL 0.9.8zd which were\naddressed by updating OpenSSL to version 0.9.8zf. \nCVE-ID\nCVE-2015-0209\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0293\n\nQuickTime\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3661 : G. Geshev working with HP\u0027s Zero Day Initiative\nCVE-2015-3662 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3663 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP\u0027s Zero\nDay Initiative\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\nLu of Fortinet\u0027s FortiGuard Labs, Ryan Pentney, and Richard Johnson\nof Cisco Talos and Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3668 : Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3713 : Apple\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in the Security framework\ncode for parsing S/MIME e-mail and some other signed or encrypted\nobjects. This issue was addressed through improved validity checking. \nCVE-ID\nCVE-2013-1741\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Tampered applications may not be prevented from launching\nDescription:  Apps using custom resource rules may have been\nsusceptible to tampering that would not have invalidated the\nsignature. This issue was addressed with improved resource\nvalidation. \nCVE-ID\nCVE-2015-3714 : Joshua Pitts of Leviathan Security Group\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to bypass code signing\nchecks\nDescription:  An issue existed where code signing did not verify\nlibraries loaded outside the application bundle. This issue was\naddressed with improved bundle verification. \nCVE-ID\nCVE-2015-3715 : Patrick Wardle of Synack\n\nSpotlight\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Searching for a malicious file with Spotlight may lead to\ncommand injection\nDescription:  A command injection vulnerability existed in the\nhandling of filenames of photos added to the local photo library. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2015-3716 : Apple\n\nSQLite\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription:  Multiple buffer overflows existed in SQLite\u0027s printf\nimplementation. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-3717 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nSystem Stats\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious app may be able to compromise systemstatsd\nDescription:  A type confusion issue existed in systemstatsd\u0027s\nhandling of interprocess communication. By sending a maliciously\nformatted message to systemstatsd, it may have been possible to\nexecute arbitrary code as the systemstatsd process. The issue was\naddressed through additional type checking. \nCVE-ID\nCVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nTrueTypeScaler\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team\n\nzip\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  Extracting a maliciously crafted zip file using the unzip\ntool may lead to an unexpected application termination or arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in the\nhandling of zip files. These issues were addressed through improved\nmemory handling. \nCVE-ID\n\nCVE-2014-8139\nCVE-2014-8140\nCVE-2014-8141\n\n\nOS X Yosemite 10.10.4 includes the security content of Safari 8.0.7. \nhttps://support.apple.com/en-us/HT204950\n\nOS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue\nmFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7\nkbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo\nEKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w\naGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH\ncMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL\nU4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+\naftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U\nTUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC\n3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J\n1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI\n+gGm5FbAxjxElgA/gbaq\n=KLda\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      },
      {
        "db": "BID",
        "id": "72352"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76074"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8129"
      },
      {
        "db": "PACKETSTORM",
        "id": "131208"
      },
      {
        "db": "PACKETSTORM",
        "id": "131177"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "132053"
      },
      {
        "db": "PACKETSTORM",
        "id": "132517"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8129",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "72352",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032760",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/01/24/15",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008539",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-700",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-76074",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8129",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131208",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131177",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140402",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132053",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132517",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132518",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76074"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8129"
      },
      {
        "db": "BID",
        "id": "72352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131208"
      },
      {
        "db": "PACKETSTORM",
        "id": "131177"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "132053"
      },
      {
        "db": "PACKETSTORM",
        "id": "132517"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-700"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8129"
      }
    ]
  },
  "id": "VAR-201803-0086",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76074"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:51:04.545000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT204941",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht204941"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht204942"
      },
      {
        "title": "HT204941",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht204941"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht204942"
      },
      {
        "title": "DSA-3273",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2015/dsa-3273"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.simplesystems.org/libtiff/"
      },
      {
        "title": "Bug 1185815",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185815"
      },
      {
        "title": "RHSA-2016:1546",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1546.html"
      },
      {
        "title": "RHSA-2016:1547",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1547.html"
      },
      {
        "title": "Ubuntu Security Notice: tiff vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2553-1"
      },
      {
        "title": "Ubuntu Security Notice: tiff regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2553-2"
      },
      {
        "title": "Debian CVElist Bug Report Logs: tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b9d749356a17e64ae08267d2b44915c1"
      },
      {
        "title": "Debian Security Advisories: DSA-3273-1 tiff -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6d300f86be1291a3d63a3f789d05651d"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.4 and Security Update 2015-005",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50398602701d671602946005c7864211"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-733",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-733"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-8129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8129"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2487"
      },
      {
        "trust": 2.9,
        "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2488"
      },
      {
        "trust": 2.1,
        "url": "http://www.conostix.com/pub/adv/cve-2014-8129-libtiff-out-of-bounds_reads_and_writes.txt"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/72352"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201701-16"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1032760"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2015/dsa-3273"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1546.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1547.html"
      },
      {
        "trust": 1.8,
        "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht204941"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht204942"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185815"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
      },
      {
        "trust": 1.0,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8129"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2014-8129"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:1547"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:1546"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9655"
      },
      {
        "trust": 0.3,
        "url": "http://www.libtiff.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024132"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024193"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1547"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8127"
      },
      {
        "trust": 0.2,
        "url": "http://advisories.mageia.org/mgasa-2015-0112.html"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8128"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9655"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8130"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1547"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9330"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-us/ht204938"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.2,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2553-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3625"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6223"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7313"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3990"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5319"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8127"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3634"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5321"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9655"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3633"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8782"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3632"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7554"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5875"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9318"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3622"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3631"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8784"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3624"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3623"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5314"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8331"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4243"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8665"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5317"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3621"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3631"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9330"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9297"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3620"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9453"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8781"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8683"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9273"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8128"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5316"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8668"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5652"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3991"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3621"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3623"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9448"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5315"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3186"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3622"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5102"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3658"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5323"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8130"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5322"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3625"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3632"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8665"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5318"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3633"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8668"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5320"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8683"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8782"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7313"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8784"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9532"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4243"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3684"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3687"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3719"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3658"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3724"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3685"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3703"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3688"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1155"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1153"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3686"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3721"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3659"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3723"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3689"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1152"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1156"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3717"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3722"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3694"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8140"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3661"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3671"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3662"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3663"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3668"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3666"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1798"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3667"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76074"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8129"
      },
      {
        "db": "BID",
        "id": "72352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131208"
      },
      {
        "db": "PACKETSTORM",
        "id": "131177"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "132053"
      },
      {
        "db": "PACKETSTORM",
        "id": "132517"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-700"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8129"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-76074"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8129"
      },
      {
        "db": "BID",
        "id": "72352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      },
      {
        "db": "PACKETSTORM",
        "id": "131208"
      },
      {
        "db": "PACKETSTORM",
        "id": "131177"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "132053"
      },
      {
        "db": "PACKETSTORM",
        "id": "132517"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-700"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8129"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76074"
      },
      {
        "date": "2018-03-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-8129"
      },
      {
        "date": "2015-01-29T00:00:00",
        "db": "BID",
        "id": "72352"
      },
      {
        "date": "2018-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      },
      {
        "date": "2015-03-31T15:52:54",
        "db": "PACKETSTORM",
        "id": "131208"
      },
      {
        "date": "2015-03-30T23:09:44",
        "db": "PACKETSTORM",
        "id": "131177"
      },
      {
        "date": "2017-01-09T19:12:35",
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "date": "2015-05-26T14:44:00",
        "db": "PACKETSTORM",
        "id": "132053"
      },
      {
        "date": "2015-07-01T03:28:44",
        "db": "PACKETSTORM",
        "id": "132517"
      },
      {
        "date": "2015-07-01T05:31:53",
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "date": "2015-01-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-700"
      },
      {
        "date": "2018-03-12T02:29:00.197000",
        "db": "NVD",
        "id": "CVE-2014-8129"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76074"
      },
      {
        "date": "2018-04-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-8129"
      },
      {
        "date": "2016-09-28T00:01:00",
        "db": "BID",
        "id": "72352"
      },
      {
        "date": "2018-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      },
      {
        "date": "2023-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-700"
      },
      {
        "date": "2023-02-13T00:43:26.640000",
        "db": "NVD",
        "id": "CVE-2014-8129"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-700"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibTIFF Vulnerable to out-of-bounds writing",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008539"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-700"
      }
    ],
    "trust": 0.6
  }
}

var-202205-0743
Vulnerability from variot

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. LibTIFF Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-10


                                       https://security.gentoo.org/

Severity: Low Title: LibTIFF: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #830981, #837560 ID: 202210-10


Synopsis

Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.

Background

LibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 media-libs/tiff < 4.4.0 >= 4.4.0

Description

Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All LibTIFF users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.4.0"

References

[ 1 ] CVE-2022-0561 https://nvd.nist.gov/vuln/detail/CVE-2022-0561 [ 2 ] CVE-2022-0562 https://nvd.nist.gov/vuln/detail/CVE-2022-0562 [ 3 ] CVE-2022-0865 https://nvd.nist.gov/vuln/detail/CVE-2022-0865 [ 4 ] CVE-2022-0891 https://nvd.nist.gov/vuln/detail/CVE-2022-0891 [ 5 ] CVE-2022-0907 https://nvd.nist.gov/vuln/detail/CVE-2022-0907 [ 6 ] CVE-2022-0908 https://nvd.nist.gov/vuln/detail/CVE-2022-0908 [ 7 ] CVE-2022-0909 https://nvd.nist.gov/vuln/detail/CVE-2022-0909 [ 8 ] CVE-2022-0924 https://nvd.nist.gov/vuln/detail/CVE-2022-0924 [ 9 ] CVE-2022-1056 https://nvd.nist.gov/vuln/detail/CVE-2022-1056 [ 10 ] CVE-2022-1210 https://nvd.nist.gov/vuln/detail/CVE-2022-1210 [ 11 ] CVE-2022-1354 https://nvd.nist.gov/vuln/detail/CVE-2022-1354 [ 12 ] CVE-2022-1355 https://nvd.nist.gov/vuln/detail/CVE-2022-1355 [ 13 ] CVE-2022-1622 https://nvd.nist.gov/vuln/detail/CVE-2022-1622 [ 14 ] CVE-2022-1623 https://nvd.nist.gov/vuln/detail/CVE-2022-1623 [ 15 ] CVE-2022-22844 https://nvd.nist.gov/vuln/detail/CVE-2022-22844

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202210-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16

iOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213446.

Accelerate Framework Available for: iPhone 8 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki Entry added October 27, 2022

AppleAVD Available for: iPhone 8 and later Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, and an anonymous researcher Entry added October 27, 2022

AppleAVD Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__) Entry added October 27, 2022

Apple Neural Engine Available for: iPhone 8 and later Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36) Entry added October 27, 2022

Apple Neural Engine Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36) CVE-2022-32889: Mohamed Ghannam (@_simo36) Entry added October 27, 2022

Apple TV Available for: iPhone 8 and later Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved handling of caches. CVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022

Contacts Available for: iPhone 8 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

Crash Reporter Available for: iPhone 8 and later Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike Entry added October 27, 2022

DriverKit Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022

Exchange Available for: iPhone 8 and later Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher Entry added October 27, 2022

GPU Drivers Available for: iPhone 8 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26744: an anonymous researcher Entry added October 27, 2022

GPU Drivers Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32903: an anonymous researcher Entry added October 27, 2022

ImageIO Available for: iPhone 8 and later Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022

Image Processing Available for: iPhone 8 and later Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022

IOGPUFamily Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32887: an anonymous researcher Entry added October 27, 2022

Kernel Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022

Kernel Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab Entry updated October 27, 2022

Kernel Available for: iPhone 8 and later Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel Available for: iPhone 8 and later Impact: An application may be able to execute arbitrary code with kernel privileges. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher

Maps Available for: iPhone 8 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas, breakpointhq.com

MediaLibrary Available for: iPhone 8 and later Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher

Notifications Available for: iPhone 8 and later Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer Entry added October 27, 2022

Photos Available for: iPhone 8 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd Entry added October 27, 2022

Safari Available for: iPhone 8 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: This issue was addressed with improved checks. CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati

Safari Extensions Available for: iPhone 8 and later Impact: A website may be able to track users through Safari web extensions Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 242278 CVE-2022-32868: Michael

Sandbox Available for: iPhone 8 and later Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022

Security Available for: iPhone 8 and later Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022

Shortcuts Available for: iPhone 8 and later Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2022-32872: Elite Tech Guru

Sidecar Available for: iPhone 8 and later Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022

Siri Available for: iPhone 8 and later Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/andrew-goldberg-/) Entry added October 27, 2022

SQLite Available for: iPhone 8 and later Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690 Entry added October 27, 2022

Time Zone Available for: iPhone 8 and later Impact: Deleted contacts may still appear in spotlight search results Description: A logic issue was addressed with improved state management. CVE-2022-32859 Entry added October 27, 2022

Watch app Available for: iPhone 8 and later Impact: An app may be able to read a persistent device identifier Description: This issue was addressed with improved entitlements. CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes) Entry added October 27, 2022

Weather Available for: iPhone 8 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022

WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022

WebKit Available for: iPhone 8 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243236 CVE-2022-32891: @real_as3617, and an anonymous researcher Entry added October 27, 2022

WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer, afang5472, xmzyshypnc

WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative

WebKit Sandboxing Available for: iPhone 8 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab Entry added October 27, 2022

Wi-Fi Available for: iPhone 8 and later Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32925: Wang Yu of Cyberserval Entry added October 27, 2022

Additional recognition

AirDrop We would like to acknowledge Alexander Heinrich, Milan Stute, and Christian Weinert of Technical University of Darmstadt for their assistance. Entry added October 27, 2022

AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance. Entry added October 27, 2022

Calendar UI We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance. Entry added October 27, 2022

FaceTime We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022

Find My We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022

Game Center We would like to acknowledge Joshua Jones for their assistance.

iCloud We would like to acknowledge Bülent Aytulun, and an anonymous researcher for their assistance. Entry added October 27, 2022

Identity Services We would like to acknowledge Joshua Jones for their assistance.

Kernel We would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, and an anonymous researcher for their assistance. Entry added October 27, 2022

Mail We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022

Notes We would like to acknowledge Edward Riley of Iron Cloud Limited (ironclouduk.com) for their assistance. Entry added October 27, 2022

Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance. Entry added October 27, 2022

Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Entry added October 27, 2022

Shortcuts We would like to acknowledge Shay Dror for their assistance. Entry added October 27, 2022

SOS We would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber Security Lab for their assistance. Entry added October 27, 2022

UIKit We would like to acknowledge Aleczander Ewing, Simon de Vegt, and an anonymous researcher for their assistance. Entry added October 27, 2022

WebKit We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022

WebRTC We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke NxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC C5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7 K+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM ZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK Etd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU Ur+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp rpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K tORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU rFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ Og/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR nYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac= =I+iq -----END PGP SIGNATURE-----

. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Apple is aware of a report that this issue may have been actively exploited. Apple is aware of a report that this issue may have been actively exploited.

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


Debian Security Advisory DSA-5333-1 security@debian.org https://www.debian.org/security/ Aron Xu January 29, 2023 https://www.debian.org/security/faq


Package : tiff CVE ID : CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2953 CVE-2022-3570 CVE-2022-3597 CVE-2022-3599 CVE-2022-3627 CVE-2022-3636 CVE-2022-34526 CVE-2022-48281 Debian Bug : 1011160 1014494 1022555 1024737 1029653

Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

For the stable distribution (bullseye), these problems have been fixed in version 4.2.0-1+deb11u3.

We recommend that you upgrade your tiff packages

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0743",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.6"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "16.0"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.7"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "36"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "16.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "libtiff",
        "version": "4.3.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "watchos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "libtiff",
        "scope": null,
        "trust": 0.8,
        "vendor": "libtiff",
        "version": null
      },
      {
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-1622"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.7",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.6",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-1622"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169585"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "169598"
      },
      {
        "db": "PACKETSTORM",
        "id": "169589"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2022-1622",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-1622",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-419735",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-011453",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-1622",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "cve@gitlab.com",
            "id": "CVE-2022-1622",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-2732",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-419735",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-1622",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-419735"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-1622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-1622"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-1622"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2732"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. LibTIFF Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202210-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n    Title: LibTIFF: Multiple Vulnerabilities\n     Date: October 31, 2022\n     Bugs: #830981, #837560\n       ID: 202210-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in LibTIFF, the worst of which\ncould result in denial of service. \n\nBackground\n==========\n\nLibTIFF provides support for reading and manipulating TIFF (Tagged Image\nFile Format) images. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/tiff            \u003c 4.4.0                      \u003e= 4.4.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in LibTIFF. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll LibTIFF users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/tiff-4.4.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-0561\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0561\n[ 2 ] CVE-2022-0562\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0562\n[ 3 ] CVE-2022-0865\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0865\n[ 4 ] CVE-2022-0891\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0891\n[ 5 ] CVE-2022-0907\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0907\n[ 6 ] CVE-2022-0908\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0908\n[ 7 ] CVE-2022-0909\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0909\n[ 8 ] CVE-2022-0924\n      https://nvd.nist.gov/vuln/detail/CVE-2022-0924\n[ 9 ] CVE-2022-1056\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1056\n[ 10 ] CVE-2022-1210\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1210\n[ 11 ] CVE-2022-1354\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1354\n[ 12 ] CVE-2022-1355\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1355\n[ 13 ] CVE-2022-1622\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1622\n[ 14 ] CVE-2022-1623\n      https://nvd.nist.gov/vuln/detail/CVE-2022-1623\n[ 15 ] CVE-2022-22844\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22844\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16\n\niOS 16 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213446. \n\nAccelerate Framework\nAvailable for: iPhone 8 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\nEntry added October 27, 2022\n\nAppleAVD\nAvailable for: iPhone 8 and later\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, and an anonymous researcher\nEntry added October 27, 2022\n\nAppleAVD\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio\nZekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research\ns.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)\nEntry added October 27, 2022\n\nApple Neural Engine\nAvailable for: iPhone 8 and later\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nApple Neural Engine\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\nCVE-2022-32889: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nApple TV\nAvailable for: iPhone 8 and later\nImpact: An app may be able to access user-sensitive data\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nContacts\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nCrash Reporter\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\nEntry added October 27, 2022\n\nDriverKit\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nExchange\nAvailable for: iPhone 8 and later\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26744: an anonymous researcher\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32903: an anonymous researcher\nEntry added October 27, 2022\n\nImageIO\nAvailable for: iPhone 8 and later\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: iPhone 8 and later\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\nIOGPUFamily\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32887: an anonymous researcher\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nEntry updated October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher \n\nMaps\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas, breakpointhq.com\n\nMediaLibrary\nAvailable for: iPhone 8 and later\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nNotifications\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\nEntry added October 27, 2022\n\nPhotos\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\nEntry added October 27, 2022\n\nSafari\nAvailable for: iPhone 8 and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: This issue was addressed with improved checks. \nCVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)\n@imnarendrabhati\n\nSafari Extensions\nAvailable for: iPhone 8 and later\nImpact: A website may be able to track users through Safari web\nextensions\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 242278\nCVE-2022-32868: Michael\n\nSandbox\nAvailable for: iPhone 8 and later\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nShortcuts\nAvailable for: iPhone 8 and later\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32872: Elite Tech Guru\n\nSidecar\nAvailable for: iPhone 8 and later\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSiri\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/andrew-goldberg-/)\nEntry added October 27, 2022\n\nSQLite\nAvailable for: iPhone 8 and later\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\nEntry added October 27, 2022\n\nTime Zone\nAvailable for: iPhone 8 and later\nImpact: Deleted contacts may still appear in spotlight search results\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32859\nEntry added October 27, 2022\n\nWatch app\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read a persistent device identifier\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)\nEntry added October 27, 2022\n\nWeather\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243236\nCVE-2022-32891: @real_as3617, and an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer, afang5472, xmzyshypnc\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: iPhone 8 and later\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\nEntry added October 27, 2022\n\nWi-Fi\nAvailable for: iPhone 8 and later\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32925: Wang Yu of Cyberserval\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Alexander Heinrich, Milan Stute, and\nChristian Weinert of Technical University of Darmstadt for their\nassistance. \nEntry added October 27, 2022\n\nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \nEntry added October 27, 2022\n\nCalendar UI\nWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of\nLakshmi Narain College Of Technology Bhopal for their assistance. \nEntry added October 27, 2022\n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nGame Center\nWe would like to acknowledge Joshua Jones for their assistance. \n\niCloud\nWe would like to acknowledge B\u00fclent Aytulun, and an anonymous\nresearcher for their assistance. \nEntry added October 27, 2022\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nKernel\nWe would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting\nYin of Tsinghua University, and Min Zheng of Ant Group, and an\nanonymous researcher for their assistance. \nEntry added October 27, 2022\n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nNotes\nWe would like to acknowledge Edward Riley of Iron Cloud Limited\n(ironclouduk.com) for their assistance. \nEntry added October 27, 2022\n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \nEntry added October 27, 2022\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added October 27, 2022\n\nShortcuts\nWe would like to acknowledge Shay Dror for their assistance. \nEntry added October 27, 2022\n\nSOS\nWe would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber\nSecurity Lab for their assistance. \nEntry added October 27, 2022\n\nUIKit\nWe would like to acknowledge Aleczander Ewing, Simon de Vegt, and an\nanonymous researcher for their assistance. \nEntry added October 27, 2022\n\nWebKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/  iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device.  The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device.  To\ncheck that the iPhone, iPod touch, or iPad has been updated:  *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 16\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke\nNxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC\nC5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7\nK+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM\nZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK\nEtd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU\nUr+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp\nrpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K\ntORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU\nrFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ\nOg/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR\nnYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac=\n=I+iq\n-----END PGP SIGNATURE-----\n\n\n. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Apple is aware of a report that this issue may\nhave been actively exploited. Apple is aware of a report that this issue\nmay have been actively exploited. \n\nInstructions on how to update your Apple Watch software are available\nat https://support.apple.com/kb/HT204641  To check the version on\nyour Apple Watch, open the Apple Watch app on your iPhone and select\n\"My Watch \u003e General \u003e About\".  Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5333-1                   security@debian.org\nhttps://www.debian.org/security/                                  Aron Xu\nJanuary 29, 2023                      https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : tiff\nCVE ID         : CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623 \n                 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 \n                 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 \n                 CVE-2022-2869 CVE-2022-2953 CVE-2022-3570 CVE-2022-3597 \n                 CVE-2022-3599 CVE-2022-3627 CVE-2022-3636 CVE-2022-34526\n                 CVE-2022-48281\nDebian Bug     : 1011160 1014494 1022555 1024737 1029653\n\nSeveral buffer overflow, divide by zero or out of bounds read/write\nvulnerabilities were discovered in tiff, the Tag Image File Format (TIFF)\nlibrary and tools, which may cause denial of service when processing a\ncrafted TIFF image. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 4.2.0-1+deb11u3. \n\nWe recommend that you upgrade your tiff packages",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-1622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      },
      {
        "db": "VULHUB",
        "id": "VHN-419735"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-1622"
      },
      {
        "db": "PACKETSTORM",
        "id": "169563"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169585"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "169598"
      },
      {
        "db": "PACKETSTORM",
        "id": "169589"
      },
      {
        "db": "PACKETSTORM",
        "id": "170783"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-419735",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-419735"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-1622",
        "trust": 4.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169598",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011453",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "170783",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060633",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5473",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5300",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5462",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2732",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169589",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169563",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169576",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169559",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169585",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-419735",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-1622",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-419735"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-1622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      },
      {
        "db": "PACKETSTORM",
        "id": "169563"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169585"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "169598"
      },
      {
        "db": "PACKETSTORM",
        "id": "169589"
      },
      {
        "db": "PACKETSTORM",
        "id": "170783"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-1622"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2732"
      }
    ]
  },
  "id": "VAR-202205-0743",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-419735"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:02:33.906000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT213488",
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/c7iwztb4j2n4f5or5qy4vhdskwkzswn3/"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-094",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-094"
      },
      {
        "title": "Debian Security Advisories: DSA-5333-1 tiff -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c77904c23e5b132ffe7c410eba93e432"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-183",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-183"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-1622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-419735"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-1622"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/cve-2022-1622.json"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 1.8,
        "url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a"
      },
      {
        "trust": 1.8,
        "url": "https://gitlab.com/libtiff/libtiff/-/issues/410"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20220616-0005/"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213443"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213444"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213446"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213486"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213487"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2022/oct/39"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/c7iwztb4j2n4f5or5qy4vhdskwkzswn3/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/uxafop6qqrnzd3hpz6bmcezzom4yizmk/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/uxafop6qqrnzd3hpz6bmcezzom4yizmk/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/c7iwztb4j2n4f5or5qy4vhdskwkzswn3/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170783/debian-security-advisory-5333-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/libtiff-out-of-bounds-memory-reading-via-lzwdecode-38292"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169598/apple-security-advisory-2022-10-27-13.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5462"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5473"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-1622/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht213488"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060633"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-1622"
      },
      {
        "trust": 0.5,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.5,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1355"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1623"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1354"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32858"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32835"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32888"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32879"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32886"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/al2022/alas-2022-094.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1056"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1210"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0908"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0907"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22844"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0909"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/202210-10"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0924"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0891"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32867"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32859"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26744"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213446."
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32827"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32868"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32795"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213443."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213444."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213486."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32883"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32870"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32907"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32891"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213487."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32912"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32908"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32911"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2953"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2058"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2520"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2869"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2867"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2868"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2057"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/tiff"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2056"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2519"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2521"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-419735"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-1622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      },
      {
        "db": "PACKETSTORM",
        "id": "169563"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169585"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "169598"
      },
      {
        "db": "PACKETSTORM",
        "id": "169589"
      },
      {
        "db": "PACKETSTORM",
        "id": "170783"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-1622"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2732"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-419735"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-1622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      },
      {
        "db": "PACKETSTORM",
        "id": "169563"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169585"
      },
      {
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "db": "PACKETSTORM",
        "id": "169598"
      },
      {
        "db": "PACKETSTORM",
        "id": "169589"
      },
      {
        "db": "PACKETSTORM",
        "id": "170783"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-1622"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2732"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-419735"
      },
      {
        "date": "2022-05-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-1622"
      },
      {
        "date": "2023-08-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      },
      {
        "date": "2022-10-31T14:24:25",
        "db": "PACKETSTORM",
        "id": "169563"
      },
      {
        "date": "2022-10-31T14:22:02",
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "date": "2022-10-31T14:50:18",
        "db": "PACKETSTORM",
        "id": "169585"
      },
      {
        "date": "2022-10-31T14:42:57",
        "db": "PACKETSTORM",
        "id": "169576"
      },
      {
        "date": "2022-10-31T14:56:26",
        "db": "PACKETSTORM",
        "id": "169598"
      },
      {
        "date": "2022-10-31T14:51:24",
        "db": "PACKETSTORM",
        "id": "169589"
      },
      {
        "date": "2023-01-30T16:31:59",
        "db": "PACKETSTORM",
        "id": "170783"
      },
      {
        "date": "2022-05-11T15:15:09.237000",
        "db": "NVD",
        "id": "CVE-2022-1622"
      },
      {
        "date": "2022-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-2732"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-419735"
      },
      {
        "date": "2022-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-1622"
      },
      {
        "date": "2023-08-22T07:50:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      },
      {
        "date": "2023-11-07T03:42:03.737000",
        "db": "NVD",
        "id": "CVE-2022-1622"
      },
      {
        "date": "2023-02-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-2732"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2732"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibTIFF\u00a0 Out-of-bounds read vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-011453"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2732"
      }
    ],
    "trust": 0.6
  }
}

var-201803-0099
Vulnerability from variot

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. LibTIFF Contains a vulnerability related to division by zero.Service operation interruption (DoS) There is a possibility of being put into a state. LibTIFF is prone to a denial-of-service vulnerability. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. A denial of service vulnerability exists in Silicon Graphics LibTiff prior to 4.0.3. ============================================================================ Ubuntu Security Notice USN-2553-2 April 01, 2015

tiff regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

USN-2553-1 introduced a regression in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available.

We apologize for the inconvenience.

Original advisory details:

William Robinet discovered that LibTIFF incorrectly handled certain malformed images. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. (CVE-2014-9655)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: libtiff5 4.0.3-10ubuntu0.2

Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.3

Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.8

Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.16

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 =====================================================================

  1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • Multiple flaws have been discovered in libtiff. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

  • Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8() 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

ppc64: libtiff-4.0.3-25.el7_2.ppc.rpm libtiff-4.0.3-25.el7_2.ppc64.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-devel-4.0.3-25.el7_2.ppc.rpm libtiff-devel-4.0.3-25.el7_2.ppc64.rpm

ppc64le: libtiff-4.0.3-25.el7_2.ppc64le.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm

s390x: libtiff-4.0.3-25.el7_2.s390.rpm libtiff-4.0.3-25.el7_2.s390x.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-devel-4.0.3-25.el7_2.s390.rpm libtiff-devel-4.0.3-25.el7_2.s390x.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-static-4.0.3-25.el7_2.ppc.rpm libtiff-static-4.0.3-25.el7_2.ppc64.rpm libtiff-tools-4.0.3-25.el7_2.ppc64.rpm

ppc64le: libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-static-4.0.3-25.el7_2.ppc64le.rpm libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm

s390x: libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-static-4.0.3-25.el7_2.s390.rpm libtiff-static-4.0.3-25.el7_2.s390x.rpm libtiff-tools-4.0.3-25.el7_2.s390x.rpm

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb H5YX3gD3gJu8C4EadiP+wtg= =Z4gh -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547 http://advisories.mageia.org/MGASA-2015-0112.html


Updated Packages:

Mandriva Business Server 2/X86_64: 17de6bd824adefbdae0ff3c563d63269 mbs2/x86_64/lib64tiff5-4.0.4-0.1.mbs2.x86_64.rpm f54719a7fc450ee6d6f755276d9e2724 mbs2/x86_64/lib64tiff-devel-4.0.4-0.1.mbs2.x86_64.rpm 919f8e9c688aa4341e3e5a0beec9d845 mbs2/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs2.x86_64.rpm f144bb33e2e10f9290851a5c8154660c mbs2/x86_64/libtiff-progs-4.0.4-0.1.mbs2.x86_64.rpm 74ddb4270be8dac262dce7cb8e33f2b6 mbs2/SRPMS/libtiff-4.0.4-0.1.mbs2.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVGACNmqjQ0CJFipgRAqWHAKCMsgmTovS2eO9vgejrPl3VxblviwCfdmYA gzHy/Xg9PwU1pycCt9bn7Xg= =Qxp+ -----END PGP SIGNATURE----- .


Gentoo Linux Security Advisory GLSA 201701-16


                                       https://security.gentoo.org/

Severity: Normal Title: libTIFF: Multiple vulnerabilities Date: January 09, 2017 Bugs: #484542, #534108, #538318, #561880, #572876, #585274, #585508, #599746 ID: 201701-16


Synopsis

Multiple vulnerabilities have been found in libTIFF, the worst of which may allow execution of arbitrary code. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Please review the CVE identifier and bug reports referenced for details.

Workaround

There is no known workaround at this time.

Resolution

All libTIFF users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7"

References

[ 1 ] CVE-2013-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243 [ 2 ] CVE-2014-8127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127 [ 3 ] CVE-2014-8128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128 [ 4 ] CVE-2014-8129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129 [ 5 ] CVE-2014-8130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130 [ 6 ] CVE-2014-9330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330 [ 7 ] CVE-2014-9655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655 [ 8 ] CVE-2015-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547 [ 9 ] CVE-2015-7313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313 [ 10 ] CVE-2015-7554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554 [ 11 ] CVE-2015-8665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665 [ 12 ] CVE-2015-8668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668 [ 13 ] CVE-2015-8683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683 [ 14 ] CVE-2015-8781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781 [ 15 ] CVE-2015-8782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782 [ 16 ] CVE-2015-8783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783 [ 17 ] CVE-2015-8784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784 [ 18 ] CVE-2016-3186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186 [ 19 ] CVE-2016-3619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619 [ 20 ] CVE-2016-3620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620 [ 21 ] CVE-2016-3621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621 [ 22 ] CVE-2016-3622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622 [ 23 ] CVE-2016-3623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623 [ 24 ] CVE-2016-3624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624 [ 25 ] CVE-2016-3625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625 [ 26 ] CVE-2016-3631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631 [ 27 ] CVE-2016-3632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632 [ 28 ] CVE-2016-3633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633 [ 29 ] CVE-2016-3634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634 [ 30 ] CVE-2016-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658 [ 31 ] CVE-2016-3945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945 [ 32 ] CVE-2016-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990 [ 33 ] CVE-2016-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991 [ 34 ] CVE-2016-5102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102 [ 35 ] CVE-2016-5314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314 [ 36 ] CVE-2016-5315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315 [ 37 ] CVE-2016-5316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316 [ 38 ] CVE-2016-5317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317 [ 39 ] CVE-2016-5318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318 [ 40 ] CVE-2016-5319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319 [ 41 ] CVE-2016-5320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320 [ 42 ] CVE-2016-5321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321 [ 43 ] CVE-2016-5322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322 [ 44 ] CVE-2016-5323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323 [ 45 ] CVE-2016-5652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652 [ 46 ] CVE-2016-5875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875 [ 47 ] CVE-2016-6223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223 [ 48 ] CVE-2016-8331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331 [ 49 ] CVE-2016-9273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273 [ 50 ] CVE-2016-9297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297 [ 51 ] CVE-2016-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318 [ 52 ] CVE-2016-9448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448 [ 53 ] CVE-2016-9453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453 [ 54 ] CVE-2016-9532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--

. 6) - i386, x86_64

3

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0099",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "libtiff",
        "version": "4.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.10.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.10.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.10.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "enterprise linux desktop",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server eus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server tus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "iphone"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "ipad2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "ipodtouch"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.24"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "64"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.22"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.36"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.34"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.26"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "ios for developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.21"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.31"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "72353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-711"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8130"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:ipodtouch:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:iphone:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:ipad2:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8130"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "William Robinet and american fuzzy lop",
    "sources": [
      {
        "db": "BID",
        "id": "72353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-711"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-8130",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-8130",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-76075",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-8130",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-8130",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201501-711",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-76075",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-8130",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76075"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-711"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8130"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. LibTIFF Contains a vulnerability related to division by zero.Service operation interruption (DoS) There is a possibility of being put into a state. LibTIFF is prone to a denial-of-service vulnerability. \nSuccessful exploits may allow attackers to crash the affected  application, denying service to legitimate users. A denial of service vulnerability exists in Silicon Graphics LibTiff prior to 4.0.3. ============================================================================\nUbuntu Security Notice USN-2553-2\nApril 01, 2015\n\ntiff regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nUSN-2553-1 introduced a regression in LibTIFF. One of the security fixes\ncaused a regression when saving certain TIFF files with a Predictor tag. \nThe problematic patch has been temporarily backed out until a more complete\nfix is available. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n William Robinet discovered that LibTIFF incorrectly handled certain\n malformed images. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129,\n CVE-2014-8130)\n  Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain\n malformed BMP images. (CVE-2014-9655)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  libtiff5                        4.0.3-10ubuntu0.2\n\nUbuntu 14.04 LTS:\n  libtiff5                        4.0.3-7ubuntu0.3\n\nUbuntu 12.04 LTS:\n  libtiff4                        3.9.5-2ubuntu1.8\n\nUbuntu 10.04 LTS:\n  libtiff4                        3.9.2-2ubuntu0.16\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: libtiff security update\nAdvisory ID:       RHSA-2016:1546-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1546.html\nIssue date:        2016-08-02\nCVE Names:         CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 \n                   CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 \n                   CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 \n                   CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 \n                   CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 \n                   CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 \n                   CVE-2016-5320 \n=====================================================================\n\n1. Summary:\n\nAn update for libtiff is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files. \n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. (CVE-2014-9655, CVE-2015-1547,\nCVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,\nCVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,\npal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,\ntiff2rgba). By tricking a user into processing a specially crafted file, a\nremote attacker could exploit these flaws to cause a crash or memory\ncorruption and, possibly, execute arbitrary code with the privileges of the\nuser running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,\nCVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,\nCVE-2016-3945, CVE-2016-3991)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running applications linked against libtiff must be restarted for this\nupdate to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff\n1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools\n1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf\n1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool\n1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode\n1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode\n1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags\n1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff\n1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files\n1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c\n1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion\n1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()\n1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool\n1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function\n1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8()\n1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function\n1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nppc64:\nlibtiff-4.0.3-25.el7_2.ppc.rpm\nlibtiff-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc64.rpm\n\nppc64le:\nlibtiff-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc64le.rpm\n\ns390x:\nlibtiff-4.0.3-25.el7_2.s390.rpm\nlibtiff-4.0.3-25.el7_2.s390x.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm\nlibtiff-devel-4.0.3-25.el7_2.s390.rpm\nlibtiff-devel-4.0.3-25.el7_2.s390x.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-tools-4.0.3-25.el7_2.ppc64.rpm\n\nppc64le:\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-tools-4.0.3-25.el7_2.ppc64le.rpm\n\ns390x:\nlibtiff-debuginfo-4.0.3-25.el7_2.s390.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm\nlibtiff-static-4.0.3-25.el7_2.s390.rpm\nlibtiff-static-4.0.3-25.el7_2.s390x.rpm\nlibtiff-tools-4.0.3-25.el7_2.s390x.rpm\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8127\nhttps://access.redhat.com/security/cve/CVE-2014-8129\nhttps://access.redhat.com/security/cve/CVE-2014-8130\nhttps://access.redhat.com/security/cve/CVE-2014-9330\nhttps://access.redhat.com/security/cve/CVE-2014-9655\nhttps://access.redhat.com/security/cve/CVE-2015-1547\nhttps://access.redhat.com/security/cve/CVE-2015-7554\nhttps://access.redhat.com/security/cve/CVE-2015-8665\nhttps://access.redhat.com/security/cve/CVE-2015-8668\nhttps://access.redhat.com/security/cve/CVE-2015-8683\nhttps://access.redhat.com/security/cve/CVE-2015-8781\nhttps://access.redhat.com/security/cve/CVE-2015-8782\nhttps://access.redhat.com/security/cve/CVE-2015-8783\nhttps://access.redhat.com/security/cve/CVE-2015-8784\nhttps://access.redhat.com/security/cve/CVE-2016-3632\nhttps://access.redhat.com/security/cve/CVE-2016-3945\nhttps://access.redhat.com/security/cve/CVE-2016-3990\nhttps://access.redhat.com/security/cve/CVE-2016-3991\nhttps://access.redhat.com/security/cve/CVE-2016-5320\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb\nH5YX3gD3gJu8C4EadiP+wtg=\n=Z4gh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547\n http://advisories.mageia.org/MGASA-2015-0112.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 17de6bd824adefbdae0ff3c563d63269  mbs2/x86_64/lib64tiff5-4.0.4-0.1.mbs2.x86_64.rpm\n f54719a7fc450ee6d6f755276d9e2724  mbs2/x86_64/lib64tiff-devel-4.0.4-0.1.mbs2.x86_64.rpm\n 919f8e9c688aa4341e3e5a0beec9d845  mbs2/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs2.x86_64.rpm\n f144bb33e2e10f9290851a5c8154660c  mbs2/x86_64/libtiff-progs-4.0.4-0.1.mbs2.x86_64.rpm \n 74ddb4270be8dac262dce7cb8e33f2b6  mbs2/SRPMS/libtiff-4.0.4-0.1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVGACNmqjQ0CJFipgRAqWHAKCMsgmTovS2eO9vgejrPl3VxblviwCfdmYA\ngzHy/Xg9PwU1pycCt9bn7Xg=\n=Qxp+\n-----END PGP SIGNATURE-----\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201701-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: libTIFF: Multiple vulnerabilities\n     Date: January 09, 2017\n     Bugs: #484542, #534108, #538318, #561880, #572876, #585274,\n           #585508, #599746\n       ID: 201701-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libTIFF, the worst of which\nmay allow execution of arbitrary code. It is called by numerous programs, including GNOME\nand KDE applications, to interpret TIFF images. Please review\nthe CVE identifier and bug reports referenced for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libTIFF users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/tiff-4.0.7\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-4243\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243\n[  2 ] CVE-2014-8127\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127\n[  3 ] CVE-2014-8128\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128\n[  4 ] CVE-2014-8129\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129\n[  5 ] CVE-2014-8130\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130\n[  6 ] CVE-2014-9330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330\n[  7 ] CVE-2014-9655\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655\n[  8 ] CVE-2015-1547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547\n[  9 ] CVE-2015-7313\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313\n[ 10 ] CVE-2015-7554\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554\n[ 11 ] CVE-2015-8665\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665\n[ 12 ] CVE-2015-8668\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668\n[ 13 ] CVE-2015-8683\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683\n[ 14 ] CVE-2015-8781\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781\n[ 15 ] CVE-2015-8782\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782\n[ 16 ] CVE-2015-8783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783\n[ 17 ] CVE-2015-8784\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784\n[ 18 ] CVE-2016-3186\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186\n[ 19 ] CVE-2016-3619\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619\n[ 20 ] CVE-2016-3620\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620\n[ 21 ] CVE-2016-3621\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621\n[ 22 ] CVE-2016-3622\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622\n[ 23 ] CVE-2016-3623\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623\n[ 24 ] CVE-2016-3624\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624\n[ 25 ] CVE-2016-3625\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625\n[ 26 ] CVE-2016-3631\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631\n[ 27 ] CVE-2016-3632\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632\n[ 28 ] CVE-2016-3633\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633\n[ 29 ] CVE-2016-3634\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634\n[ 30 ] CVE-2016-3658\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658\n[ 31 ] CVE-2016-3945\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945\n[ 32 ] CVE-2016-3990\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990\n[ 33 ] CVE-2016-3991\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991\n[ 34 ] CVE-2016-5102\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102\n[ 35 ] CVE-2016-5314\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314\n[ 36 ] CVE-2016-5315\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315\n[ 37 ] CVE-2016-5316\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316\n[ 38 ] CVE-2016-5317\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317\n[ 39 ] CVE-2016-5318\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318\n[ 40 ] CVE-2016-5319\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319\n[ 41 ] CVE-2016-5320\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320\n[ 42 ] CVE-2016-5321\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321\n[ 43 ] CVE-2016-5322\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322\n[ 44 ] CVE-2016-5323\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323\n[ 45 ] CVE-2016-5652\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652\n[ 46 ] CVE-2016-5875\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875\n[ 47 ] CVE-2016-6223\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223\n[ 48 ] CVE-2016-8331\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331\n[ 49 ] CVE-2016-9273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273\n[ 50 ] CVE-2016-9297\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297\n[ 51 ] CVE-2016-9318\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318\n[ 52 ] CVE-2016-9448\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448\n[ 53 ] CVE-2016-9453\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453\n[ 54 ] CVE-2016-9532\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--\n\n. 6) - i386, x86_64\n\n3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      },
      {
        "db": "BID",
        "id": "72353"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76075"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8130"
      },
      {
        "db": "PACKETSTORM",
        "id": "131257"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "131226"
      },
      {
        "db": "PACKETSTORM",
        "id": "131177"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8130",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "72353",
        "trust": 2.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/01/24/15",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1032760",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008536",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-711",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "29124",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "131257",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-76075",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8130",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138137",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131226",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131177",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140402",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138138",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76075"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8130"
      },
      {
        "db": "BID",
        "id": "72353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      },
      {
        "db": "PACKETSTORM",
        "id": "131257"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "131226"
      },
      {
        "db": "PACKETSTORM",
        "id": "131177"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-711"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8130"
      }
    ]
  },
  "id": "VAR-201803-0099",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76075"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:49:16.122000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT204941",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht204941"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht204942"
      },
      {
        "title": "HT204941",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht204941"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht204942"
      },
      {
        "title": "* libtiff/tif_{unix,vms,win32}.c (_TIFFmalloc):",
        "trust": 0.8,
        "url": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543"
      },
      {
        "title": "Bug 1185817",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817"
      },
      {
        "title": "RHSA-2016:1546",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1546.html"
      },
      {
        "title": "RHSA-2016:1547",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1547.html"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2014-8130"
      },
      {
        "title": "Ubuntu Security Notice: tiff vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2553-1"
      },
      {
        "title": "Ubuntu Security Notice: tiff regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2553-2"
      },
      {
        "title": "Debian CVElist Bug Report Logs: tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b9d749356a17e64ae08267d2b44915c1"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.4 and Security Update 2015-005",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50398602701d671602946005c7864211"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-733",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-733"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201611-26] libtiff: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201611-26"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201611-27] lib32-libtiff: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201611-27"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-8130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-369",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8130"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2483"
      },
      {
        "trust": 2.1,
        "url": "http://www.conostix.com/pub/adv/cve-2014-8130-libtiff-division_by_zero.txt"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/72353"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "trust": 1.8,
        "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht204941"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht204942"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201701-16"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1546.html"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1547.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1032760"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8130"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9655"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/29124"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9330"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1547"
      },
      {
        "trust": 0.3,
        "url": "http://www.libtiff.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024132"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024193"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3632"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8668"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8783"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7554"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8665"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8782"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8781"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8784"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8683"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
      },
      {
        "trust": 0.2,
        "url": "http://www.ubuntu.com/usn/usn-2553-1"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8129"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9330"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3991"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8665"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8683"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3632"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3945"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8782"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3945"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8127"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8784"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8781"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5320"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9655"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-5320"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3990"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3991"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8130"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1547"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3990"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7554"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8668"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/369.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2014-8130"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2553-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1439186"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.3"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2553-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-10ubuntu0.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.15"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-10ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8127"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2015-0112.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8129"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8128"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9655"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3625"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6223"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7313"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3990"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5319"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8127"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3634"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5321"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9655"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3633"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8782"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3632"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7554"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5875"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9318"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3622"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3631"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8784"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3624"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3623"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5314"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8331"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4243"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1547"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5317"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3621"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3631"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9330"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9297"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3620"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9453"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3620"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9273"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8128"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5316"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5652"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3991"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3621"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3623"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9448"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5315"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3186"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3622"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5102"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3658"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5323"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8130"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5322"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3625"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8665"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5318"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3633"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8668"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5320"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8683"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7313"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9532"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4243"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76075"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8130"
      },
      {
        "db": "BID",
        "id": "72353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      },
      {
        "db": "PACKETSTORM",
        "id": "131257"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "131226"
      },
      {
        "db": "PACKETSTORM",
        "id": "131177"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-711"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8130"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-76075"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8130"
      },
      {
        "db": "BID",
        "id": "72353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      },
      {
        "db": "PACKETSTORM",
        "id": "131257"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "131226"
      },
      {
        "db": "PACKETSTORM",
        "id": "131177"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-711"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8130"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76075"
      },
      {
        "date": "2018-03-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-8130"
      },
      {
        "date": "2015-01-24T00:00:00",
        "db": "BID",
        "id": "72353"
      },
      {
        "date": "2018-04-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      },
      {
        "date": "2015-04-02T00:39:26",
        "db": "PACKETSTORM",
        "id": "131257"
      },
      {
        "date": "2016-08-02T23:00:03",
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "date": "2015-04-01T00:37:57",
        "db": "PACKETSTORM",
        "id": "131226"
      },
      {
        "date": "2015-03-30T23:09:44",
        "db": "PACKETSTORM",
        "id": "131177"
      },
      {
        "date": "2017-01-09T19:12:35",
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "date": "2016-08-02T23:00:12",
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "date": "2015-01-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-711"
      },
      {
        "date": "2018-03-12T02:29:00.307000",
        "db": "NVD",
        "id": "CVE-2014-8130"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76075"
      },
      {
        "date": "2018-04-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-8130"
      },
      {
        "date": "2016-09-28T01:01:00",
        "db": "BID",
        "id": "72353"
      },
      {
        "date": "2018-04-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      },
      {
        "date": "2018-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-711"
      },
      {
        "date": "2018-04-05T21:07:22.410000",
        "db": "NVD",
        "id": "CVE-2014-8130"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "131226"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-711"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibTIFF Vulnerable to division by zero",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008536"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-711"
      }
    ],
    "trust": 0.6
  }
}

var-201103-0291
Vulnerability from variot

Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information. plural Apple Product LIBTIFF Is libtiff/tif_fax3.h. libTIFF is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This BID was previously titled 'Apple iTunes libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability' but has been changed to better reflect the affected library. Note (March 30, 2011): This issue has not been patched as expected. Silicon Graphics LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files from Silicon Graphics in the United States. This library contains some command line tools for working with TIFF files. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Debian Security Advisory DSA-2210-2 security@debian.org http://www.debian.org/security/ Luciano Bello June 25, 2011 http://www.debian.org/security/faq


Package : tiff Vulnerability : several Problem type : local (remote) Debian-specific: no CVE ID : CVE-2011-0191 CVE-2011-0192 CVE-2011-1167 Debian Bug : 619614 630042

The recent tiff update DSA-2210-1 introduced a regression that could lead to encoding problems of tiff files. This issue affects the Debian 5.0 Lenny package only.

For the oldstable distribution (lenny), this problem has been fixed in version 3.8.2-11.5.

For the stable distribution (squeeze), this problem has been fixed in version 3.9.4-5+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in version 3.9.5-1.

For the unstable distribution (sid), this problem has been fixed in version 3.9.5-1.

We recommend that you upgrade your tiff packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-1085-2 March 15, 2011 tiff regression https://launchpad.net/bugs/731540 ===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.10

Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.8

Ubuntu 9.10: libtiff4 3.8.2-13ubuntu0.5

Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.5

Ubuntu 10.10: libtiff4 3.9.4-2ubuntu0.2

After a standard system update you need to restart your session to make all the necessary changes.

Details follow:

USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream fixes were incomplete and created problems for certain CCITTFAX4 files.

We apologize for the inconvenience.

Original advisory details:

Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)

Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 10.10. (CVE-2010-2482)

Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2595)

Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2597, CVE-2010-2598)

It was discovered that the TIFF library incorrectly validated certain data types. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. (CVE-2010-2630)

It was discovered that the TIFF library incorrectly handled downsampled JPEG data. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-3087)

It was discovered that the TIFF library incorrectly handled certain JPEG data. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10. (CVE-2011-0191)

It was discovered that the TIFF library incorrectly handled certain TIFF FAX images. (CVE-2011-0191)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.diff.gz
  Size/MD5:    24707 92ee677a20237cfdb17b5dcbe024fc81
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.dsc
  Size/MD5:     1445 19186c480eda8ade1d4fd194a7e08bf6
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz
  Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_amd64.deb
  Size/MD5:   220784 7b8f336c5190b816fb92f498b30755c9
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_amd64.deb
  Size/MD5:   283278 2633a7f81897814f7bddb303f6952b34
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_amd64.deb
  Size/MD5:   488554 bd11ebd5ae319660ec0eff4f22b55268
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_amd64.deb
  Size/MD5:    45210 2d75169ed1d84f4907d505780123691d
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_amd64.deb
  Size/MD5:    50372 d606202ec431cee4d43658887b7c53f7

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_i386.deb
  Size/MD5:   206424 d346905ce628f3b5afdfe1a4b5e46ee8
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_i386.deb
  Size/MD5:   260146 f8a0af4bb2a87fab5833e8bea85b4179
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_i386.deb
  Size/MD5:   462812 81f1884d1f83fbc7cf670233e79e464b
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_i386.deb
  Size/MD5:    45144 047a98941044eb476ff601a50a94cb97
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_i386.deb
  Size/MD5:    49650 0298317461310597a873c28bbe6c9c2d

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_powerpc.deb
  Size/MD5:   240378 8f832fa2e7ca2122ea17b8440db407a3
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_powerpc.deb
  Size/MD5:   289250 7118c8a2b9ee67fb759d89631b80ec33
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_powerpc.deb
  Size/MD5:   477164 46d81e5cca275c4f9fa490bccf5e1b54
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_powerpc.deb
  Size/MD5:    47366 8f493b29a1c6af1ede1ae20bb340542e
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_powerpc.deb
  Size/MD5:    52018 9cbc82320c0fb9160a55d9e966935308

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_sparc.deb
  Size/MD5:   209294 1c075ff5d8fe054cfbe59767156f2b12
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_sparc.deb
  Size/MD5:   271226 083721bbf42b3a9c2ba0619725cdea1c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_sparc.deb
  Size/MD5:   467842 244140481e39cbae1caeea1cbc7242fb
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_sparc.deb
  Size/MD5:    45072 0ecf1aa2519fd0f70a54e97299a9a2aa
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_sparc.deb
  Size/MD5:    50206 1fd3434ab16f251802c05e69b2ec4172

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.diff.gz
  Size/MD5:    23098 1ee89aac13034400cc5f65bc82350576
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.dsc
  Size/MD5:     1534 db81aff18857a6a792e8e3d9f6419c25
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz
  Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_amd64.deb
  Size/MD5:   186052 117b7fef507321d3b40f31e82121d65c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_amd64.deb
  Size/MD5:   583498 356ff0e0f3fa15764371a8d0ffbd2574
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_amd64.deb
  Size/MD5:   132044 f21e514b5f9ffa5e083d48e3ff2876be
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_amd64.deb
  Size/MD5:     5060 bd0be2af72fb9789ef27a5cf3445a960
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_amd64.deb
  Size/MD5:    10482 a49a0b07d12a18248a56d1c64322687b

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_i386.deb
  Size/MD5:   175314 d510325b149f2106114857e9cd1887a1
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_i386.deb
  Size/MD5:   552824 044e167a1106988f710d4b26cd480c13
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_i386.deb
  Size/MD5:   123468 8c41a5b4deb4daf59a27aa18bafc2a33
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_i386.deb
  Size/MD5:     5044 221fabdeb10a45b0e39b30fcd9876d57
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_i386.deb
  Size/MD5:     9934 139ed154385849ed4a76c21f14d1824c

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_lpia.deb
  Size/MD5:   177010 f861eceecd6f08085a7e66038b28d148
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_lpia.deb
  Size/MD5:   555294 27b3f40726cd5cf866dd80b5fb5f652d
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_lpia.deb
  Size/MD5:   124582 a101756bd948bc2d526bbb3793655c46
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_lpia.deb
  Size/MD5:     4916 0fde80306a67eb766b878040048003fa
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_lpia.deb
  Size/MD5:     9976 36fdc7a9337f4a5391a5d951624775df

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_powerpc.deb
  Size/MD5:   223488 04f35d447aa797b255c249719f467896
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_powerpc.deb
  Size/MD5:   577476 53e4f31126ecae60b54a2614c29a02ef
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_powerpc.deb
  Size/MD5:   135174 24d5e5f4e4903eae9ba2b4163eb0ab44
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_powerpc.deb
  Size/MD5:     7512 a361eb4c3985a90189342aced3932676
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_powerpc.deb
  Size/MD5:    13288 2f458ba98bbf136958d2a8cdc87a83ab

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_sparc.deb
  Size/MD5:   178860 d48dc98bba2aaaf1830ad3a9d69b99db
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_sparc.deb
  Size/MD5:   558838 c9ffd065811bf117f5c57dae82c4173b
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_sparc.deb
  Size/MD5:   123254 e11f44522f5cef8b3f4a8a633be5437d
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_sparc.deb
  Size/MD5:     4796 498f87c694b19560fe59ee3afb605af4
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_sparc.deb
  Size/MD5:    10700 5bb66a32a926f8fbd1a5b864a3d88cd7

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.diff.gz
  Size/MD5:    43070 e8b35ecf046a7c3619e1d9929de8b830
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.dsc
  Size/MD5:     1978 d8a8180b56ba05c422d4b443afb1d44e
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz
  Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.5_all.deb
  Size/MD5:   348112 a84bc452f3a0eea39c87ac3ac744112c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_amd64.deb
  Size/MD5:   191416 300ef146f5155ff8ccdf51e8a684ff34
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_amd64.deb
  Size/MD5:   252426 b78ec6fcac494ac67fb4b357632dace3
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_amd64.deb
  Size/MD5:   135940 d3f0cb6e3491b6d335e905ddb2139dfc
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_amd64.deb
  Size/MD5:     6332 b7da9edb5b42f9c08596a6b1966cb6e0
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_amd64.deb
  Size/MD5:    12004 3107c05e0644d55184c568fbd205c8d4

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_i386.deb
  Size/MD5:   176368 b2b0a5ed89fa9405dea1a1944bf4e606
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_i386.deb
  Size/MD5:   232588 71573f111b56ed24c2bb95e70cf24950
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_i386.deb
  Size/MD5:   125002 9127f1c5991d7bebf346d7996aa05549
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_i386.deb
  Size/MD5:     6446 8535ecbdf277f311afe69e053e7027eb
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_i386.deb
  Size/MD5:    11292 21192b1ec3a90204f70ac7e715f6ef94

armel architecture (ARM Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_armel.deb
  Size/MD5:   182752 27e8c1ba005bb913056725f27afed10b
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_armel.deb
  Size/MD5:   233860 7bb2dfcf30084a32cfda47150de12820
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_armel.deb
  Size/MD5:   124716 5bf3991de9df681e72aeb2b9cb0157e3
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_armel.deb
  Size/MD5:     5966 f7269719e2c4b9f44abb54ea640452b9
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_armel.deb
  Size/MD5:    11160 213b7115f391a62a039e86bd2aed21e3

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_lpia.deb
  Size/MD5:   177048 6f228aae0027ce228001ab1e03c1420f
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_lpia.deb
  Size/MD5:   234412 2be52c2f11d51dc60ebd6358921ed539
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_lpia.deb
  Size/MD5:   126608 5b98943322e5546def050c29f0137c51
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_lpia.deb
  Size/MD5:     6312 9dfcffd32f1aa8e42e6e5f94c8171333
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_lpia.deb
  Size/MD5:    11340 69f92d56438e597d2733cca9fe192e09

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_powerpc.deb
  Size/MD5:   191484 3af0b1c5f8e037c97831d2321c144069
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_powerpc.deb
  Size/MD5:   256554 94513c2b20ec5e2206d5b5476ac4b6e1
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_powerpc.deb
  Size/MD5:   137434 0dd8d58ca4136b26395ec9619352cbf4
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_powerpc.deb
  Size/MD5:     6724 752b5398be235d406db9b0070c8b4bcc
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_powerpc.deb
  Size/MD5:    12080 857d09fbe80934ec33149da04cf5b4fe

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_sparc.deb
  Size/MD5:   184288 a83a8a638af348c50d3bb64a2c0490e4
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_sparc.deb
  Size/MD5:   237164 9a5c6358c6c65dfc8e5154f79c5937a1
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_sparc.deb
  Size/MD5:   125062 2e70ed4b0b98f15d9b6d4d1aa2c223fe
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_sparc.deb
  Size/MD5:     6096 e374e39bdeb2b16f8944713dc6b59ec2
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_sparc.deb
  Size/MD5:    12036 3bd0ece44e01a49c32decff3d318bcc3

Updated packages for Ubuntu 10.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.diff.gz
  Size/MD5:    20142 b939eddaecc09a223f750ddc9ec300a7
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.dsc
  Size/MD5:     1974 0ab3539d8af96ca2ca23c1d74d79e8c6
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz
  Size/MD5:  1419742 93e56e421679c591de7552db13384cb8

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.5_all.deb
  Size/MD5:   359126 ddf2cb68732e7fd96ea2078ce0ad4742

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_amd64.deb
  Size/MD5:   250490 975aec44c621ff1e524a7d0c344c461d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_amd64.deb
  Size/MD5:   269922 24ffd793f4f4cab1c419281358f95b06
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_amd64.deb
  Size/MD5:   149244 8de4b36f57fd254339472d92d58df436
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_amd64.deb
  Size/MD5:     6384 dd647e2d96b24485c9a3d512568a33e8
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_amd64.deb
  Size/MD5:    12028 f312a06be417327ccaab3bc83fce43ee

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_i386.deb
  Size/MD5:   234120 b80a26f6acbf41fc2835dea7be97d332
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_i386.deb
  Size/MD5:   246962 2aced2d3476f07034714c32581451fca
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_i386.deb
  Size/MD5:   136750 9e662029ab9932f9bb5cf551c9a25c70
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_i386.deb
  Size/MD5:     6486 588d1bff01cbec45eefbfb25864b48c7
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_i386.deb
  Size/MD5:    11282 028b976bcc83292a2a436961a26cff1b

armel architecture (ARM Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_armel.deb
  Size/MD5:   237816 b1bb7396d24ca82d5a72012e7f5902df
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_armel.deb
  Size/MD5:   238800 82ec468a735c037f758424ee05ab0eda
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_armel.deb
  Size/MD5:   129636 b6277537fd8ca0a7258d156b8185fc6c
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_armel.deb
  Size/MD5:     5980 5ee322e0d78f7f440501872a91e78c98
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_armel.deb
  Size/MD5:    11300 c0120b282e1fa3c9922b9218a1d86271

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_powerpc.deb
  Size/MD5:   253514 208b8a67298bb8435b790579c2369258
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_powerpc.deb
  Size/MD5:   275256 4ccb314e621e464c06a709fbd7632384
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_powerpc.deb
  Size/MD5:   150724 4787f755ef29dd7198699c9456ca5fd0
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_powerpc.deb
  Size/MD5:     6770 759c330d4a755d3d217ca8afef8cb191
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_powerpc.deb
  Size/MD5:    12092 86dd9f88b6d3f4e3f7ee0c3f98ce4448

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_sparc.deb
  Size/MD5:   248776 0e081f6795686de636fdb537d0da0af3
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_sparc.deb
  Size/MD5:   257346 b1cb2500a7b1ada561852e12546279a4
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_sparc.deb
  Size/MD5:   143484 b24ccd56b9eee79c062d8a1e13e65326
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_sparc.deb
  Size/MD5:     6226 28e807e1ae69640a7e0a35ea79b8913a
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_sparc.deb
  Size/MD5:    11922 1acad867116630bb02cf53831f49fb91

Updated packages for Ubuntu 10.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.debian.tar.gz
  Size/MD5:    18124 6b91f60b7bc92c8f0710f4088c1f38f3
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.dsc
  Size/MD5:     1991 020c2a94b61792b09f6d01752f2c7f5d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4.orig.tar.gz
  Size/MD5:  1436968 2006c1bdd12644dbf02956955175afd6

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.4-2ubuntu0.2_all.deb
  Size/MD5:   342928 4d7df4c971ba92ab11d738820853fcc4

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_amd64.deb
  Size/MD5:   248246 dd83a166330ad6268952b8e49f075012
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_amd64.deb
  Size/MD5:   270788 73525f6754327725fd2e93fe1fc0e4fb
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_amd64.deb
  Size/MD5:   149490 2da1a59a5a933e822256d2b6d89454c6
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_amd64.deb
  Size/MD5:     6310 b566e3ac1e893179519b2596798ad492
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_amd64.deb
  Size/MD5:    11806 a523fb6ef9ac518e5869fdc9bd72d937

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_i386.deb
  Size/MD5:   230148 a676650de4cfea04a7bfd000de0da151
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_i386.deb
  Size/MD5:   247138 95194c2ea2ab0ca87e6b8867dae07385
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_i386.deb
  Size/MD5:   136668 f0931de0028f3538f92ef2547cde7bba
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_i386.deb
  Size/MD5:     6424 ad458d476aa6df65bfaec35f5cba9c0b
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_i386.deb
  Size/MD5:    11144 efd76c12cc9f9df3ba719e8f073a6bfa

armel architecture (ARM Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_armel.deb
  Size/MD5:   256880 6aedba603449a04715b504caac95ed22
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_armel.deb
  Size/MD5:   271424 0587dc26b90416181bb71f0ee0acbed3
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_armel.deb
  Size/MD5:   151800 0a97a3959787ce6e4d4a60db21f4bd19
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_armel.deb
  Size/MD5:     5844 6efde8a677921feabc6dd5156181d72a
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_armel.deb
  Size/MD5:    11228 9e354f5270bc717488682dfc4712e74a

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_powerpc.deb
  Size/MD5:   250366 6fa58ac5fb03e3b6866499f53cb3e79d
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_powerpc.deb
  Size/MD5:   275860 d4f92d8330e793d8056e4bc5c180fba9
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_powerpc.deb
  Size/MD5:   150712 c47116bbde1de23b39bd86ce6733e033
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_powerpc.deb
  Size/MD5:     6702 d9524527cbcbd6b38cb782d73adbdc3b
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_powerpc.deb
  Size/MD5:    11962 a31983d4e49adaa4fa0321c16105bae3

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2011-10-12-1 iOS 5 Software Update

iOS 5 Software Update is now available and addresses the following:

CalDAV Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information from a CalDAV calendar server Description: CalDAV did not check that the SSL certificate presented by the server was trusted. CVE-ID CVE-2011-3253 : Leszek Tasiemski of nSense

Calendar Available for: iOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later, iOS 4.2.0 through 4.3.5 for iPad Impact: Viewing a maliciously crafted calendar invitation may inject script in the local domain Description: A script injection issue existed in Calendar's handling of invitation notes. This issue is addressed through improved escaping of special characters in invitation notes. This issues does not affect devices prior to iOS 4.2.0. CVE-ID CVE-2011-3254 : Rick Deacon

CFNetwork Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: User's AppleID password may be logged to a local file Description: A user's AppleID password and username were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials. CVE-ID CVE-2011-3255 : Peter Quade of qdevelop

CFNetwork Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook

CoreFoundation Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. CVE-ID CVE-2011-0259 : Apple

CoreGraphics Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution Description: Multiple memory corruption existed in freetype, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. CVE-ID CVE-2011-3256 : Apple

CoreMedia Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)

Data Access Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An exchange mail cookie management issue could incorrectly cause data synchronization across different accounts Description: When multiple mail exchange accounts are configured which connect to the same server, a session could potentially receive a valid cookie corresponding to a different account. This issue is addressed by ensuring that cookies are separated across different accounts. CVE-ID CVE-2011-3257 : Bob Sielken of IBM

Data Security Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted.

Data Security Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Support for X.509 certificates with MD5 hashes may expose users to spoofing and information disclosure as attacks improve Description: Certificates signed using the MD5 hash algorithm were accepted by iOS. This algorithm has known cryptographic weaknesses. Further research or a misconfigured certificate authority could have allowed the creation of X.509 certificates with attacker controlled values that would have been trusted by the system. This would have exposed X.509 based protocols to spoofing, man in the middle attacks, and information disclosure. This update disables support for an X.509 certificate with an MD5 hash for any use other than as a trusted root certificate. CVE-ID CVE-2011-3427

Data Security Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker could decrypt part of a SSL connection Description: Only the SSLv3 and TLS 1.0 versions of SSL were supported. These versions are subject to a protocol weakness when using block ciphers. A man-in-the-middle attacker could have injected invalid data, causing the connection to close but revealing some information about the previous data. If the same connection was attempted repeatedly the attacker may eventually have been able to decrypt the data being sent, such as a password. This issue is addressed by adding support for TLS 1.2. CVE-ID CVE-2011-3389

Home screen Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Switching between applications may lead to the disclosure of sensitive application information Description: When switching between applications with the four- finger app switching gesture, the display could have revealed the previous application state. This issue is addressed by ensuring that the system properly calls the applicationWillResignActive: method when transitioning between applications. CVE-ID CVE-2011-3431 : Abe White of Hedonic Software Inc. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies

International Components for Unicode Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ICU's generation of collation keys for long strings of mostly uppercase letters. CVE-ID CVE-2011-0206 : David Bienvenu of Mozilla

Kernel Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: A remote attacker may cause a device reset Description: The kernel failed to promptly reclaim memory from incomplete TCP connections. An attacker with the ability to connect to a listening service on an iOS device could exhaust system resources. CVE-ID CVE-2011-3259 : Wouter van der Veer of Topicus I&I, and Josh Enders

Kernel Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: A local user may be able to cause a system reset Description: A null dereference issue existed in the handling of IPV6 socket options. CVE-ID CVE-2011-1132 : Thomas Clement of Intego

Keyboards Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: A user may be able to determine information about the last character of a password Description: The keyboard used to type the last character of a password was briefly displayed the next time the keyboard was used. CVE-ID CVE-2011-3245 : Paul Mousdicas

libxml Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. CVE-ID CVE-2011-0216 : Billy Rios of the Google Security Team

OfficeImport Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted Word file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in OfficeImport's handling of Microsoft Word documents. CVE-ID CVE-2011-3260 : Tobias Klein working with Verisign iDefense Labs

OfficeImport Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in OfficeImport's handling of Excel files. CVE-ID CVE-2011-3261 : Tobias Klein of www.trapkit.de

OfficeImport Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in OfficeImport's handling of Microsoft Office files. CVE-ID CVE-2011-0208 : Tobias Klein working with iDefense VCP

OfficeImport Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in OfficeImport's handling of Excel files. CVE-ID CVE-2011-0184 : Tobias Klein working with iDefense VCP

Safari Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Opening maliciously crafted files on certain websites may lead to a cross-site scripting attack Description: iOS did not support the 'attachment' value for the HTTP Content-Disposition header. This header is used by many websites to serve files that were uploaded to the site by a third-party, such as attachments in web-based e-mail applications. Any script in files served with this header value would run as if the file had been served inline, with full access to other resources on the origin server. This issue is addressed by loading attachments in an isolated security origin with no access to resources on other sites. CVE-ID CVE-2011-3426 : Christian Matthies working with iDefense VCP, Yoshinori Oota from Business Architects Inc working with JP/CERT

Settings Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker with physical access to a device may be able to recover the restrictions passcode Description: The parental restrictions functionality enforces UI restrictions. Configuring parental restrictions is protected by a passcode, which was previously stored in plaintext on disk. This issue is addressed by securely storing the parental restrictions passcode in the system keychain. CVE-ID CVE-2011-3429 : an anonymous reporter

Settings Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Misleading UI Description: Configurations and settings applied via configuration profiles did not appear to function properly under any non-English language. Settings could be improperly displayed as a result. This issue is addressed by fixing a localization error. CVE-ID CVE-2011-3430 : Florian Kreitmaier of Siemens CERT

UIKit Alerts Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a malicious website may cause an unexpected device hang Description: An excessive maximum text layout length permitted malicious websites to cause iOS to hang when drawing acceptance dialogs for very long tel: URIs. This issue is addressed by using a more reasonable maximum URI size. CVE-ID CVE-2011-3432 : Simon Young of Anglia Ruskin University

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. CVE-ID CVE-2011-0218 : SkyLined of Google Chrome Security Team CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-0234 : Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0238 : Adam Barth of Google Chrome Security Team CVE-2011-0254 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0255 : An anonymous reporter working with TippingPoint's Zero Day Initiative CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc CVE-2011-0983 : Martin Barbella CVE-2011-1109 : Sergey Glazunov CVE-2011-1114 : Martin Barbella CVE-2011-1115 : Martin Barbella CVE-2011-1117 : wushi of team509 CVE-2011-1121 : miaubiz CVE-2011-1188 : Martin Barbella CVE-2011-1203 : Sergey Glazunov CVE-2011-1204 : Sergey Glazunov CVE-2011-1288 : Andreas Kling of Nokia CVE-2011-1293 : Sergey Glazunov CVE-2011-1296 : Sergey Glazunov CVE-2011-1449 : Marek Majkowski CVE-2011-1451 : Sergey Glazunov CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-1457 : John Knottenbelt of Google CVE-2011-1462 : wushi of team509 CVE-2011-1797 : wushi of team509 CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team CVE-2011-2341 : Apple CVE-2011-2351 : miaubiz CVE-2011-2352 : Apple CVE-2011-2354 : Apple CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2011-2359 : miaubiz CVE-2011-2788 : Mikolaj Malecki of Samsung CVE-2011-2790 : miaubiz CVE-2011-2792 : miaubiz CVE-2011-2797 : miaubiz CVE-2011-2799 : miaubiz CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2816 : Apple CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2818 : Martin Barbella CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google CVE-2011-2823 : SkyLined of Google Chrome Security Team CVE-2011-2827 : miaubiz CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-3232 : Aki Helin of OUSPG CVE-2011-3234 : miaubiz CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-3244 : vkouchna

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of URLs with an embedded username. This issue is addressed through improved handling of URLs with an embedded username. CVE-ID CVE-2011-0242 : Jobert Abma of Online24

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of DOM nodes. CVE-ID CVE-2011-1295 : Sergey Glazunov

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: A maliciously crafted website may be able to cause a different URL to be shown in the address bar Description: A URL spoofing issue existed in the handling of the DOM history object. CVE-ID CVE-2011-1107 : Jordi Chancel

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A configuration issue existed in WebKit's use of libxslt. Visiting a maliciously crafted website may lead to arbitrary files being created with the privileges of the user, which may lead to arbitrary code execution. This issue is addressed through improved libxslt security settings. CVE-ID CVE-2011-1774 : Nicolas Gregoire of Agarri

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a malicious website and dragging content in the page may lead to an information disclosure Description: A cross-origin issue existed in WebKit's handling of HTML5 drag and drop. This issue is addressed by disallowing drag and drop across different origins. CVE-ID CVE-2011-0166 : Michal Zalewski of Google Inc.

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to an information disclosure Description: A cross-origin issue existed in the handling of Web Workers. CVE-ID CVE-2011-1190 : Daniel Divricean of divricean.ro

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of the window.open method. CVE-ID CVE-2011-2805 : Sergey Glazunov

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of inactive DOM windows. CVE-ID CVE-2011-3243 : Sergey Glazunov

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of the document.documentURI property. CVE-ID CVE-2011-2819 : Sergey Glazunov

WebKit Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: A maliciously crafted website may be able to track the URLs that a user visits within a frame Description: A cross-origin issue existed in the handling of the beforeload event. CVE-ID CVE-2011-2800 : Juho Nurminen

WiFi Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: WiFi credentials may be logged to a local file Description: WiFi credentials including the passphrase and encryption keys were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials. CVE-ID CVE-2011-3434 : Laurent OUDOT of TEHTRI Security

Installation note:

This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone, iPod touch, or iPad.

The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone, iPod touch, or iPad is docked to your computer.

To check that the iPhone, iPod touch, or iPad has been updated:

  • Navigate to Settings
  • Select General
  • Select About. The version after applying this update will be "5 (9A334)".

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iQEcBAEBAgAGBQJOldmtAAoJEGnF2JsdZQee/qMIAIPxmIiOqj+FMLFHZtPeC/Dp 3s4JliKOOgNnjXkxErfaNvYGmeVbDaUER5jdVrWccTauzlYmy8G4uK0An2GD2YiP gB5AiCQXpONdBCi38QNdRqrYoYjc8Sa0nUp4r5uWPoiHoj5KfxvBpgygEL+zjHXS fmnrONOCWhOYp0w4q6mdTg5BH2uJCbXscD/JjbmgHQI0Vs/iUZKSRyqFo2b0Mvze NiSyzcj/4l62Cxx7xM9VbdrYL7Al2yyHfNYJQsZmoeDUlJQcdgEgEMXvOuhY3sFK maxYr2oCp6Mtf53fplAeJIV4ijLynEWAKxTuTznAyW1k7oiGrDTfORSFKPEB9MQ= =LCQZ -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201103-0291",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "4.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "4.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "4.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "4.7"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.7.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.7.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.4.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.1.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.4.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.6.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.4.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.2.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.6.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.3.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.8.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.4.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.4.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.0.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.7.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.2.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.5.0"
      },
      {
        "model": "itunes",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.0 to  4.2.1 (iphone 3gs after )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1 to  4.2.1 (ipod touch (3rd generation) after )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.2 to  4.2.1 (ipad for )"
      },
      {
        "model": "ipad",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "iphone",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (server)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.0 (client)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "rhel desktop workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (client)"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "in motion blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7"
      },
      {
        "model": "in motion blackberry enterprise server for novell groupwise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1"
      },
      {
        "model": "in motion blackberry enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.0.3"
      },
      {
        "model": "linux enterprise sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "in motion blackberry enterprise server express for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.0"
      },
      {
        "model": "in motion blackberry enterprise server for exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.0"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "in motion blackberry enterprise server for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "model": "in motion blackberry enterprise server express for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "opencall multiservice controller sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "in motion blackberry enterprise server for domino sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1"
      },
      {
        "model": "beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "in motion blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.4"
      },
      {
        "model": "in motion blackberry enterprise server for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.0"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "in motion blackberry enterprise server express for exchange mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "linux enterprise sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "in motion blackberry enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.6"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.2-7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "in motion blackberry enterprise server for novell groupwise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.2-5.2.1"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.6"
      },
      {
        "model": "in motion blackberry enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.5"
      },
      {
        "model": "beta36",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "clientless vpn gateway series sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "44004.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "in motion blackberry enterprise server for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.72"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "in motion blackberry enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.3"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "in motion blackberry enterprise server for exchange sp3 hotfix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.03"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "in motion blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.7"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.2"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "in motion blackberry enterprise server for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.7"
      },
      {
        "model": "clientless vpn gateway series sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "44004.0"
      },
      {
        "model": "beta28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "in motion blackberry enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "2.0.0.65"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20110"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.0"
      },
      {
        "model": "alpha4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "in motion blackberry enterprise server for novell groupwise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "beta6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "networks contivity secure ip services gateway sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "46004.0"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "messaging storage server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.1"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "linux enterprise sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.0"
      },
      {
        "model": "in motion blackberry enterprise server for exchange mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.3"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "mobile safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "alpha3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.2"
      },
      {
        "model": "in motion blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.3"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "in motion blackberry enterprise server for novell groupwise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "in motion blackberry enterprise server for domino mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "in motion blackberry enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.3"
      },
      {
        "model": "in motion blackberry enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "in motion blackberry enterprise server express for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.1"
      },
      {
        "model": "tv",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "messaging storage server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "opencall multiservice controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "tv",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "opencall multiservice controller sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.1"
      },
      {
        "model": "networks contivity secure ip services gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "46004.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "in motion blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "in motion blackberry enterprise server for exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0"
      },
      {
        "model": "in motion blackberry enterprise server mr5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.6"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "beta35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "in motion blackberry enterprise server express for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.3"
      },
      {
        "model": "hat enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "in motion blackberry enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "beta24",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "esignal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esignal",
        "version": "6.0.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.3"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "in motion blackberry enterprise server for novell groupwise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.3"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "in motion blackberry enterprise server express for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "in motion blackberry enterprise server express for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "beta31",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "networks contivity secure ip services gateway sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "46004.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "in motion blackberry enterprise server for novell groupwise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53001.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "in motion blackberry enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.2.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "clientless vpn gateway series sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "44004.0"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "beta18",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "beta34",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "beta29",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "in motion blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.3"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "in motion blackberry enterprise server for domino mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.2"
      },
      {
        "model": "in motion blackberry enterprise server express for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "beta32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "in motion blackberry enterprise server for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.3"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "hat enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "in motion blackberry enterprise server for novell groupwise sp3 hotfix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.01"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "in motion blackberry enterprise server for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "in motion blackberry enterprise server for exchange mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.2"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "alpha2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "in motion blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.4"
      },
      {
        "model": "in motion blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.2"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "in motion blackberry enterprise server express for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "in motion blackberry enterprise server mr4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.6"
      },
      {
        "model": "in motion blackberry enterprise server for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.6"
      },
      {
        "model": "beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "in motion blackberry enterprise server express for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.8"
      },
      {
        "model": "beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "in motion blackberry enterprise server express for domino mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "in motion blackberry enterprise server for domino sp3 hotfix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.04"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "in motion blackberry enterprise server for novell groupwise mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "5.0.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "in motion blackberry enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "research",
        "version": "4.1.4"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "beta37",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "networks contivity secure ip services gateway sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "46004.0"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "46658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-112"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0192"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.1.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0192"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "BID",
        "id": "46658"
      },
      {
        "db": "PACKETSTORM",
        "id": "105737"
      },
      {
        "db": "PACKETSTORM",
        "id": "105736"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2011-0192",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-0192",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-48137",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-0192",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201103-112",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-48137",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-112"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0192"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h.  NOTE: some of these details are obtained from third party information. plural Apple Product LIBTIFF Is libtiff/tif_fax3.h. libTIFF is prone to a buffer-overflow  vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nNOTE: This BID was previously titled \u0027Apple iTunes libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability\u0027 but has been changed to better reflect the affected library. \nNote (March 30, 2011): This issue has not been patched as expected. Silicon Graphics LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files from Silicon Graphics in the United States. This library contains some command line tools for working with TIFF files. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2210-2                   security@debian.org\nhttp://www.debian.org/security/                             Luciano Bello\nJune 25, 2011                          http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : tiff\nVulnerability  : several\nProblem type   : local (remote)\nDebian-specific: no\nCVE ID         : CVE-2011-0191 CVE-2011-0192 CVE-2011-1167\nDebian Bug     : 619614 630042\n\nThe recent tiff update DSA-2210-1 introduced a regression that could\nlead to encoding problems of tiff files. \n  This issue affects the Debian 5.0 Lenny package only. \n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 3.8.2-11.5. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze3. \n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.9.5-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.9.5-1. \n\nWe recommend that you upgrade your tiff packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ===========================================================\nUbuntu Security Notice USN-1085-2            March 15, 2011\ntiff regression\nhttps://launchpad.net/bugs/731540\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 9.10\nUbuntu 10.04 LTS\nUbuntu 10.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n  libtiff4                        3.7.4-1ubuntu3.10\n\nUbuntu 8.04 LTS:\n  libtiff4                        3.8.2-7ubuntu3.8\n\nUbuntu 9.10:\n  libtiff4                        3.8.2-13ubuntu0.5\n\nUbuntu 10.04 LTS:\n  libtiff4                        3.9.2-2ubuntu0.5\n\nUbuntu 10.10:\n  libtiff4                        3.9.4-2ubuntu0.2\n\nAfter a standard system update you need to restart your session to make\nall the necessary changes. \n\nDetails follow:\n\nUSN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream\nfixes were incomplete and created problems for certain CCITTFAX4 files. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Sauli Pahlman discovered that the TIFF library incorrectly handled invalid\n td_stripbytecount fields. If a user or automated system were tricked into\n opening a specially crafted TIFF image, a remote attacker could crash the\n application, leading to a denial of service. This issue only affected\n Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)\n \n Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF\n files with an invalid combination of SamplesPerPixel and Photometric\n values. If a user or automated system were tricked into opening a specially\n crafted TIFF image, a remote attacker could crash the application, leading\n to a denial of service. This issue only affected Ubuntu 10.10. \n (CVE-2010-2482)\n \n Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled\n invalid ReferenceBlackWhite values. If a user or automated system were\n tricked into opening a specially crafted TIFF image, a remote attacker\n could crash the application, leading to a denial of service. \n (CVE-2010-2595)\n \n Sauli Pahlman discovered that the TIFF library incorrectly handled certain\n default fields. If a user or automated system were tricked into opening a\n specially crafted TIFF image, a remote attacker could crash the\n application, leading to a denial of service. (CVE-2010-2597, CVE-2010-2598)\n \n It was discovered that the TIFF library incorrectly validated certain\n data types. If a user or automated system were tricked into opening a\n specially crafted TIFF image, a remote attacker could crash the\n application, leading to a denial of service. (CVE-2010-2630)\n \n It was discovered that the TIFF library incorrectly handled downsampled\n JPEG data. This issue only affected Ubuntu 10.04 LTS and 10.10. \n (CVE-2010-3087)\n \n It was discovered that the TIFF library incorrectly handled certain JPEG\n data. \n This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10. \n (CVE-2011-0191)\n \n It was discovered that the TIFF library incorrectly handled certain TIFF\n FAX images. (CVE-2011-0191)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.diff.gz\n      Size/MD5:    24707 92ee677a20237cfdb17b5dcbe024fc81\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.dsc\n      Size/MD5:     1445 19186c480eda8ade1d4fd194a7e08bf6\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz\n      Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_amd64.deb\n      Size/MD5:   220784 7b8f336c5190b816fb92f498b30755c9\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_amd64.deb\n      Size/MD5:   283278 2633a7f81897814f7bddb303f6952b34\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_amd64.deb\n      Size/MD5:   488554 bd11ebd5ae319660ec0eff4f22b55268\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_amd64.deb\n      Size/MD5:    45210 2d75169ed1d84f4907d505780123691d\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_amd64.deb\n      Size/MD5:    50372 d606202ec431cee4d43658887b7c53f7\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_i386.deb\n      Size/MD5:   206424 d346905ce628f3b5afdfe1a4b5e46ee8\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_i386.deb\n      Size/MD5:   260146 f8a0af4bb2a87fab5833e8bea85b4179\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_i386.deb\n      Size/MD5:   462812 81f1884d1f83fbc7cf670233e79e464b\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_i386.deb\n      Size/MD5:    45144 047a98941044eb476ff601a50a94cb97\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_i386.deb\n      Size/MD5:    49650 0298317461310597a873c28bbe6c9c2d\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_powerpc.deb\n      Size/MD5:   240378 8f832fa2e7ca2122ea17b8440db407a3\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_powerpc.deb\n      Size/MD5:   289250 7118c8a2b9ee67fb759d89631b80ec33\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_powerpc.deb\n      Size/MD5:   477164 46d81e5cca275c4f9fa490bccf5e1b54\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_powerpc.deb\n      Size/MD5:    47366 8f493b29a1c6af1ede1ae20bb340542e\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_powerpc.deb\n      Size/MD5:    52018 9cbc82320c0fb9160a55d9e966935308\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_sparc.deb\n      Size/MD5:   209294 1c075ff5d8fe054cfbe59767156f2b12\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_sparc.deb\n      Size/MD5:   271226 083721bbf42b3a9c2ba0619725cdea1c\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_sparc.deb\n      Size/MD5:   467842 244140481e39cbae1caeea1cbc7242fb\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_sparc.deb\n      Size/MD5:    45072 0ecf1aa2519fd0f70a54e97299a9a2aa\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_sparc.deb\n      Size/MD5:    50206 1fd3434ab16f251802c05e69b2ec4172\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.diff.gz\n      Size/MD5:    23098 1ee89aac13034400cc5f65bc82350576\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.dsc\n      Size/MD5:     1534 db81aff18857a6a792e8e3d9f6419c25\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz\n      Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_amd64.deb\n      Size/MD5:   186052 117b7fef507321d3b40f31e82121d65c\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_amd64.deb\n      Size/MD5:   583498 356ff0e0f3fa15764371a8d0ffbd2574\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_amd64.deb\n      Size/MD5:   132044 f21e514b5f9ffa5e083d48e3ff2876be\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_amd64.deb\n      Size/MD5:     5060 bd0be2af72fb9789ef27a5cf3445a960\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_amd64.deb\n      Size/MD5:    10482 a49a0b07d12a18248a56d1c64322687b\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_i386.deb\n      Size/MD5:   175314 d510325b149f2106114857e9cd1887a1\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_i386.deb\n      Size/MD5:   552824 044e167a1106988f710d4b26cd480c13\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_i386.deb\n      Size/MD5:   123468 8c41a5b4deb4daf59a27aa18bafc2a33\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_i386.deb\n      Size/MD5:     5044 221fabdeb10a45b0e39b30fcd9876d57\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_i386.deb\n      Size/MD5:     9934 139ed154385849ed4a76c21f14d1824c\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_lpia.deb\n      Size/MD5:   177010 f861eceecd6f08085a7e66038b28d148\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_lpia.deb\n      Size/MD5:   555294 27b3f40726cd5cf866dd80b5fb5f652d\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_lpia.deb\n      Size/MD5:   124582 a101756bd948bc2d526bbb3793655c46\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_lpia.deb\n      Size/MD5:     4916 0fde80306a67eb766b878040048003fa\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_lpia.deb\n      Size/MD5:     9976 36fdc7a9337f4a5391a5d951624775df\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_powerpc.deb\n      Size/MD5:   223488 04f35d447aa797b255c249719f467896\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_powerpc.deb\n      Size/MD5:   577476 53e4f31126ecae60b54a2614c29a02ef\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_powerpc.deb\n      Size/MD5:   135174 24d5e5f4e4903eae9ba2b4163eb0ab44\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_powerpc.deb\n      Size/MD5:     7512 a361eb4c3985a90189342aced3932676\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_powerpc.deb\n      Size/MD5:    13288 2f458ba98bbf136958d2a8cdc87a83ab\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_sparc.deb\n      Size/MD5:   178860 d48dc98bba2aaaf1830ad3a9d69b99db\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_sparc.deb\n      Size/MD5:   558838 c9ffd065811bf117f5c57dae82c4173b\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_sparc.deb\n      Size/MD5:   123254 e11f44522f5cef8b3f4a8a633be5437d\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_sparc.deb\n      Size/MD5:     4796 498f87c694b19560fe59ee3afb605af4\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_sparc.deb\n      Size/MD5:    10700 5bb66a32a926f8fbd1a5b864a3d88cd7\n\nUpdated packages for Ubuntu 9.10:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.diff.gz\n      Size/MD5:    43070 e8b35ecf046a7c3619e1d9929de8b830\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.dsc\n      Size/MD5:     1978 d8a8180b56ba05c422d4b443afb1d44e\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz\n      Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.5_all.deb\n      Size/MD5:   348112 a84bc452f3a0eea39c87ac3ac744112c\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_amd64.deb\n      Size/MD5:   191416 300ef146f5155ff8ccdf51e8a684ff34\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_amd64.deb\n      Size/MD5:   252426 b78ec6fcac494ac67fb4b357632dace3\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_amd64.deb\n      Size/MD5:   135940 d3f0cb6e3491b6d335e905ddb2139dfc\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_amd64.deb\n      Size/MD5:     6332 b7da9edb5b42f9c08596a6b1966cb6e0\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_amd64.deb\n      Size/MD5:    12004 3107c05e0644d55184c568fbd205c8d4\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_i386.deb\n      Size/MD5:   176368 b2b0a5ed89fa9405dea1a1944bf4e606\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_i386.deb\n      Size/MD5:   232588 71573f111b56ed24c2bb95e70cf24950\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_i386.deb\n      Size/MD5:   125002 9127f1c5991d7bebf346d7996aa05549\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_i386.deb\n      Size/MD5:     6446 8535ecbdf277f311afe69e053e7027eb\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_i386.deb\n      Size/MD5:    11292 21192b1ec3a90204f70ac7e715f6ef94\n\n  armel architecture (ARM Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_armel.deb\n      Size/MD5:   182752 27e8c1ba005bb913056725f27afed10b\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_armel.deb\n      Size/MD5:   233860 7bb2dfcf30084a32cfda47150de12820\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_armel.deb\n      Size/MD5:   124716 5bf3991de9df681e72aeb2b9cb0157e3\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_armel.deb\n      Size/MD5:     5966 f7269719e2c4b9f44abb54ea640452b9\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_armel.deb\n      Size/MD5:    11160 213b7115f391a62a039e86bd2aed21e3\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_lpia.deb\n      Size/MD5:   177048 6f228aae0027ce228001ab1e03c1420f\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_lpia.deb\n      Size/MD5:   234412 2be52c2f11d51dc60ebd6358921ed539\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_lpia.deb\n      Size/MD5:   126608 5b98943322e5546def050c29f0137c51\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_lpia.deb\n      Size/MD5:     6312 9dfcffd32f1aa8e42e6e5f94c8171333\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_lpia.deb\n      Size/MD5:    11340 69f92d56438e597d2733cca9fe192e09\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_powerpc.deb\n      Size/MD5:   191484 3af0b1c5f8e037c97831d2321c144069\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_powerpc.deb\n      Size/MD5:   256554 94513c2b20ec5e2206d5b5476ac4b6e1\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_powerpc.deb\n      Size/MD5:   137434 0dd8d58ca4136b26395ec9619352cbf4\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_powerpc.deb\n      Size/MD5:     6724 752b5398be235d406db9b0070c8b4bcc\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_powerpc.deb\n      Size/MD5:    12080 857d09fbe80934ec33149da04cf5b4fe\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_sparc.deb\n      Size/MD5:   184288 a83a8a638af348c50d3bb64a2c0490e4\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_sparc.deb\n      Size/MD5:   237164 9a5c6358c6c65dfc8e5154f79c5937a1\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_sparc.deb\n      Size/MD5:   125062 2e70ed4b0b98f15d9b6d4d1aa2c223fe\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_sparc.deb\n      Size/MD5:     6096 e374e39bdeb2b16f8944713dc6b59ec2\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_sparc.deb\n      Size/MD5:    12036 3bd0ece44e01a49c32decff3d318bcc3\n\nUpdated packages for Ubuntu 10.04 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.diff.gz\n      Size/MD5:    20142 b939eddaecc09a223f750ddc9ec300a7\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.dsc\n      Size/MD5:     1974 0ab3539d8af96ca2ca23c1d74d79e8c6\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz\n      Size/MD5:  1419742 93e56e421679c591de7552db13384cb8\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.5_all.deb\n      Size/MD5:   359126 ddf2cb68732e7fd96ea2078ce0ad4742\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_amd64.deb\n      Size/MD5:   250490 975aec44c621ff1e524a7d0c344c461d\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_amd64.deb\n      Size/MD5:   269922 24ffd793f4f4cab1c419281358f95b06\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_amd64.deb\n      Size/MD5:   149244 8de4b36f57fd254339472d92d58df436\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_amd64.deb\n      Size/MD5:     6384 dd647e2d96b24485c9a3d512568a33e8\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_amd64.deb\n      Size/MD5:    12028 f312a06be417327ccaab3bc83fce43ee\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_i386.deb\n      Size/MD5:   234120 b80a26f6acbf41fc2835dea7be97d332\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_i386.deb\n      Size/MD5:   246962 2aced2d3476f07034714c32581451fca\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_i386.deb\n      Size/MD5:   136750 9e662029ab9932f9bb5cf551c9a25c70\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_i386.deb\n      Size/MD5:     6486 588d1bff01cbec45eefbfb25864b48c7\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_i386.deb\n      Size/MD5:    11282 028b976bcc83292a2a436961a26cff1b\n\n  armel architecture (ARM Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_armel.deb\n      Size/MD5:   237816 b1bb7396d24ca82d5a72012e7f5902df\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_armel.deb\n      Size/MD5:   238800 82ec468a735c037f758424ee05ab0eda\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_armel.deb\n      Size/MD5:   129636 b6277537fd8ca0a7258d156b8185fc6c\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_armel.deb\n      Size/MD5:     5980 5ee322e0d78f7f440501872a91e78c98\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_armel.deb\n      Size/MD5:    11300 c0120b282e1fa3c9922b9218a1d86271\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_powerpc.deb\n      Size/MD5:   253514 208b8a67298bb8435b790579c2369258\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_powerpc.deb\n      Size/MD5:   275256 4ccb314e621e464c06a709fbd7632384\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_powerpc.deb\n      Size/MD5:   150724 4787f755ef29dd7198699c9456ca5fd0\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_powerpc.deb\n      Size/MD5:     6770 759c330d4a755d3d217ca8afef8cb191\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_powerpc.deb\n      Size/MD5:    12092 86dd9f88b6d3f4e3f7ee0c3f98ce4448\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_sparc.deb\n      Size/MD5:   248776 0e081f6795686de636fdb537d0da0af3\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_sparc.deb\n      Size/MD5:   257346 b1cb2500a7b1ada561852e12546279a4\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_sparc.deb\n      Size/MD5:   143484 b24ccd56b9eee79c062d8a1e13e65326\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_sparc.deb\n      Size/MD5:     6226 28e807e1ae69640a7e0a35ea79b8913a\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_sparc.deb\n      Size/MD5:    11922 1acad867116630bb02cf53831f49fb91\n\nUpdated packages for Ubuntu 10.10:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.debian.tar.gz\n      Size/MD5:    18124 6b91f60b7bc92c8f0710f4088c1f38f3\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.dsc\n      Size/MD5:     1991 020c2a94b61792b09f6d01752f2c7f5d\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4.orig.tar.gz\n      Size/MD5:  1436968 2006c1bdd12644dbf02956955175afd6\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.4-2ubuntu0.2_all.deb\n      Size/MD5:   342928 4d7df4c971ba92ab11d738820853fcc4\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_amd64.deb\n      Size/MD5:   248246 dd83a166330ad6268952b8e49f075012\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_amd64.deb\n      Size/MD5:   270788 73525f6754327725fd2e93fe1fc0e4fb\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_amd64.deb\n      Size/MD5:   149490 2da1a59a5a933e822256d2b6d89454c6\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_amd64.deb\n      Size/MD5:     6310 b566e3ac1e893179519b2596798ad492\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_amd64.deb\n      Size/MD5:    11806 a523fb6ef9ac518e5869fdc9bd72d937\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_i386.deb\n      Size/MD5:   230148 a676650de4cfea04a7bfd000de0da151\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_i386.deb\n      Size/MD5:   247138 95194c2ea2ab0ca87e6b8867dae07385\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_i386.deb\n      Size/MD5:   136668 f0931de0028f3538f92ef2547cde7bba\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_i386.deb\n      Size/MD5:     6424 ad458d476aa6df65bfaec35f5cba9c0b\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_i386.deb\n      Size/MD5:    11144 efd76c12cc9f9df3ba719e8f073a6bfa\n\n  armel architecture (ARM Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_armel.deb\n      Size/MD5:   256880 6aedba603449a04715b504caac95ed22\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_armel.deb\n      Size/MD5:   271424 0587dc26b90416181bb71f0ee0acbed3\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_armel.deb\n      Size/MD5:   151800 0a97a3959787ce6e4d4a60db21f4bd19\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_armel.deb\n      Size/MD5:     5844 6efde8a677921feabc6dd5156181d72a\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_armel.deb\n      Size/MD5:    11228 9e354f5270bc717488682dfc4712e74a\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_powerpc.deb\n      Size/MD5:   250366 6fa58ac5fb03e3b6866499f53cb3e79d\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_powerpc.deb\n      Size/MD5:   275860 d4f92d8330e793d8056e4bc5c180fba9\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_powerpc.deb\n      Size/MD5:   150712 c47116bbde1de23b39bd86ce6733e033\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_powerpc.deb\n      Size/MD5:     6702 d9524527cbcbd6b38cb782d73adbdc3b\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_powerpc.deb\n      Size/MD5:    11962 a31983d4e49adaa4fa0321c16105bae3\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-10-12-1 iOS 5 Software Update\n\niOS 5 Software Update is now available and addresses the following:\n\nCalDAV\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  An attacker with a privileged network position may intercept\nuser credentials or other sensitive information from a CalDAV\ncalendar server\nDescription:  CalDAV did not check that the SSL certificate presented\nby the server was trusted. \nCVE-ID\nCVE-2011-3253 : Leszek Tasiemski of nSense\n\nCalendar\nAvailable for:  iOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 4.2.0 through 4.3.5 for iPad\nImpact:  Viewing a maliciously crafted calendar invitation may inject\nscript in the local domain\nDescription:  A script injection issue existed in Calendar\u0027s handling\nof invitation notes. This issue is addressed through improved\nescaping of special characters in invitation notes. This issues does\nnot affect devices prior to iOS 4.2.0. \nCVE-ID\nCVE-2011-3254 : Rick Deacon\n\nCFNetwork\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  User\u0027s AppleID password may be logged to a local file\nDescription:  A user\u0027s AppleID password and username were logged to a\nfile that was readable by applications on the system. This is\nresolved by no longer logging these credentials. \nCVE-ID\nCVE-2011-3255 : Peter Quade of qdevelop\n\nCFNetwork\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription:  An issue existed in CFNetwork\u0027s handling of HTTP\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\nCFNetwork could incorrectly send the cookies for a domain to a server\noutside that domain. \nCVE-ID\nCVE-2011-3246 : Erling Ellingsen of Facebook\n\nCoreFoundation\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Viewing a maliciously crafted website or e-mail message may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription:  A memory corruption issue existed in CoreFoundation\u0027s\nhandling of string tokenization. \nCVE-ID\nCVE-2011-0259 : Apple\n\nCoreGraphics\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Viewing a document containing a maliciously crafted font may\nlead to arbitrary code execution\nDescription:  Multiple memory corruption existed in freetype, the\nmost serious of which may lead to arbitrary code execution when\nprocessing a maliciously crafted font. \nCVE-ID\nCVE-2011-3256 : Apple\n\nCoreMedia\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of video data from another site\nDescription:  A cross-origin issue existed in CoreMedia\u0027s handling of\ncross-site redirects. This issue is addressed through improved origin\ntracking. \nCVE-ID\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\nResearch (MSVR)\n\nData Access\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  An exchange mail cookie management issue could incorrectly\ncause data synchronization across different accounts\nDescription:  When multiple mail exchange accounts are configured\nwhich connect to the same server, a session could potentially receive\na valid cookie corresponding to a different account. This issue is\naddressed by ensuring that cookies are separated across different\naccounts. \nCVE-ID\nCVE-2011-3257 : Bob Sielken of IBM\n\nData Security\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription:  Fraudulent certificates were issued by multiple\ncertificate authorities operated by DigiNotar. This issue is\naddressed by removing DigiNotar from the list of trusted root\ncertificates, from the list of Extended Validation (EV) certificate\nauthorities, and by configuring default system trust settings so that\nDigiNotar\u0027s certificates, including those issued by other\nauthorities, are not trusted. \n\nData Security\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Support for X.509 certificates with MD5 hashes may expose\nusers to spoofing and information disclosure as attacks improve\nDescription:  Certificates signed using the MD5 hash algorithm were\naccepted by iOS. This algorithm has known cryptographic weaknesses. \nFurther research or a misconfigured certificate authority could have\nallowed the creation of X.509 certificates with attacker controlled\nvalues that would have been trusted by the system. This would have\nexposed X.509 based protocols to spoofing, man in the middle attacks,\nand information disclosure. This update disables support for an X.509\ncertificate with an MD5 hash for any use other than as a trusted root\ncertificate. \nCVE-ID\nCVE-2011-3427\n\nData Security\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  An attacker could decrypt part of a SSL connection\nDescription:  Only the SSLv3 and TLS 1.0 versions of SSL were\nsupported. These versions are subject to a protocol weakness when\nusing block ciphers. A man-in-the-middle attacker could have injected\ninvalid data, causing the connection to close but revealing some\ninformation about the previous data. If the same connection was\nattempted repeatedly the attacker may eventually have been able to\ndecrypt the data being sent, such as a password. This issue is\naddressed by adding support for TLS 1.2. \nCVE-ID\nCVE-2011-3389\n\nHome screen\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Switching between applications may lead to the disclosure of\nsensitive application information\nDescription:  When switching between applications with the four-\nfinger app switching gesture, the display could have revealed the\nprevious application state. This issue is addressed by ensuring that\nthe system properly calls the applicationWillResignActive: method\nwhen transitioning between applications. \nCVE-ID\nCVE-2011-3431 : Abe White of Hedonic Software Inc. \nCVE-ID\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\n\nInternational Components for Unicode\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription:  A buffer overflow issue existed in ICU\u0027s generation of\ncollation keys for long strings of mostly uppercase letters. \nCVE-ID\nCVE-2011-0206 : David Bienvenu of Mozilla\n\nKernel\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  A remote attacker may cause a device reset\nDescription:  The kernel failed to promptly reclaim memory from\nincomplete TCP connections. An attacker with the ability to connect\nto a listening service on an iOS device could exhaust system\nresources. \nCVE-ID\nCVE-2011-3259 : Wouter van der Veer of Topicus I\u0026I, and Josh Enders\n\nKernel\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  A local user may be able to cause a system reset\nDescription:  A null dereference issue existed in the handling of\nIPV6 socket options. \nCVE-ID\nCVE-2011-1132 : Thomas Clement of Intego\n\nKeyboards\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  A user may be able to determine information about the last\ncharacter of a password\nDescription:  The keyboard used to type the last character of a\npassword was briefly displayed the next time the keyboard was used. \nCVE-ID\nCVE-2011-3245 : Paul Mousdicas\n\nlibxml\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A one-byte heap buffer overflow existed in libxml\u0027s\nhandling of XML data. \nCVE-ID\nCVE-2011-0216 : Billy Rios of the Google Security Team\n\nOfficeImport\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Viewing a maliciously crafted Word file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow existed in OfficeImport\u0027s handling of\nMicrosoft Word documents. \nCVE-ID\nCVE-2011-3260 : Tobias Klein working with Verisign iDefense Labs\n\nOfficeImport\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Viewing a maliciously crafted Excel file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A double free issue existed in OfficeImport\u0027s handling\nof Excel files. \nCVE-ID\nCVE-2011-3261 : Tobias Klein of www.trapkit.de\n\nOfficeImport\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Downloading a maliciously crafted Microsoft Office file may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription:  A memory corruption issue existed in OfficeImport\u0027s\nhandling of Microsoft Office files. \nCVE-ID\nCVE-2011-0208 : Tobias Klein working with iDefense VCP\n\nOfficeImport\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Downloading a maliciously crafted Excel file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in OfficeImport\u0027s\nhandling of Excel files. \nCVE-ID\nCVE-2011-0184 : Tobias Klein working with iDefense VCP\n\nSafari\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Opening maliciously crafted files on certain websites may\nlead to a cross-site scripting attack\nDescription:  iOS did not support the \u0027attachment\u0027 value for the HTTP\nContent-Disposition header. This header is used by many websites to\nserve files that were uploaded to the site by a third-party, such as\nattachments in web-based e-mail applications. Any script in files\nserved with this header value would run as if the file had been\nserved inline, with full access to other resources on the origin\nserver. This issue is addressed by loading attachments in an isolated\nsecurity origin with no access to resources on other sites. \nCVE-ID\nCVE-2011-3426 : Christian Matthies working with iDefense VCP,\nYoshinori Oota from Business Architects Inc working with JP/CERT\n\nSettings\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  An attacker with physical access to a device may be able to\nrecover the restrictions passcode\nDescription:  The parental restrictions functionality enforces UI\nrestrictions. Configuring parental restrictions is protected by a\npasscode, which was previously stored in plaintext on disk. This\nissue is addressed by securely storing the parental restrictions\npasscode in the system keychain. \nCVE-ID\nCVE-2011-3429 : an anonymous reporter\n\nSettings\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Misleading UI\nDescription:  Configurations and settings applied via configuration\nprofiles did not appear to function properly under any non-English\nlanguage. Settings could be improperly displayed as a result. This\nissue is addressed by fixing a localization error. \nCVE-ID\nCVE-2011-3430 : Florian Kreitmaier of Siemens CERT\n\nUIKit Alerts\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a malicious website may cause an unexpected device\nhang\nDescription:  An excessive maximum text layout length permitted\nmalicious websites to cause iOS to hang when drawing acceptance\ndialogs for very long tel: URIs. This issue is addressed by using a\nmore reasonable maximum URI size. \nCVE-ID\nCVE-2011-3432 : Simon Young of Anglia Ruskin University\n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nCVE-ID\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0232 : J23 working with TippingPoint\u0027s Zero Day Initiative\nCVE-2011-0233 : wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2011-0234 : Rob King working with TippingPoint\u0027s Zero Day\nInitiative, wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\nCVE-2011-0254 : An anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\nCVE-2011-0255 : An anonymous reporter working with TippingPoint\u0027s\nZero Day Initiative\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\nCVE-2011-0983 : Martin Barbella\nCVE-2011-1109 : Sergey Glazunov\nCVE-2011-1114 : Martin Barbella\nCVE-2011-1115 : Martin Barbella\nCVE-2011-1117 : wushi of team509\nCVE-2011-1121 : miaubiz\nCVE-2011-1188 : Martin Barbella\nCVE-2011-1203 : Sergey Glazunov\nCVE-2011-1204 : Sergey Glazunov\nCVE-2011-1288 : Andreas Kling of Nokia\nCVE-2011-1293 : Sergey Glazunov\nCVE-2011-1296 : Sergey Glazunov\nCVE-2011-1449 : Marek Majkowski\nCVE-2011-1451 : Sergey Glazunov\nCVE-2011-1453 : wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2011-1457 : John Knottenbelt of Google\nCVE-2011-1462 : wushi of team509\nCVE-2011-1797 : wushi of team509\nCVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-2339 : Cris Neckar of the Google Chrome Security Team\nCVE-2011-2341 : Apple\nCVE-2011-2351 : miaubiz\nCVE-2011-2352 : Apple\nCVE-2011-2354 : Apple\nCVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome\nSecurity Team using AddressSanitizer\nCVE-2011-2359 : miaubiz\nCVE-2011-2788 : Mikolaj Malecki of Samsung\nCVE-2011-2790 : miaubiz\nCVE-2011-2792 : miaubiz\nCVE-2011-2797 : miaubiz\nCVE-2011-2799 : miaubiz\nCVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-2813 : Cris Neckar of Google Chrome Security Team using\nAddressSanitizer\nCVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-2816 : Apple\nCVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-2818 : Martin Barbella\nCVE-2011-2820 : Raman Tenneti and Philip Rogers of Google\nCVE-2011-2823 : SkyLined of Google Chrome Security Team\nCVE-2011-2827 : miaubiz\nCVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-3232 : Aki Helin of OUSPG\nCVE-2011-3234 : miaubiz\nCVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\nChromium development community, and Abhishek Arya (Inferno) of Google\nChrome Security Team\nCVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\nChromium development community, and Abhishek Arya (Inferno) of Google\nChrome Security Team\nCVE-2011-3244 : vkouchna\n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-origin issue existed in the handling of URLs\nwith an embedded username. This issue is addressed through improved\nhandling of URLs with an embedded username. \nCVE-ID\nCVE-2011-0242 : Jobert Abma of Online24\n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-origin issue existed in the handling of DOM\nnodes. \nCVE-ID\nCVE-2011-1295 : Sergey Glazunov\n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  A maliciously crafted website may be able to cause a\ndifferent URL to be shown in the address bar\nDescription:  A URL spoofing issue existed in the handling of the DOM\nhistory object. \nCVE-ID\nCVE-2011-1107 : Jordi Chancel\n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A configuration issue existed in WebKit\u0027s use of\nlibxslt. Visiting a maliciously crafted website may lead to arbitrary\nfiles being created with the privileges of the user, which may lead\nto arbitrary code execution. This issue is addressed through improved\nlibxslt security settings. \nCVE-ID\nCVE-2011-1774 : Nicolas Gregoire of Agarri\n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a malicious website and dragging content in the\npage may lead to an information disclosure\nDescription:  A cross-origin issue existed in WebKit\u0027s handling of\nHTML5 drag and drop. This issue is addressed by disallowing drag and\ndrop across different origins. \nCVE-ID\nCVE-2011-0166 : Michal Zalewski of Google Inc. \n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to an\ninformation disclosure\nDescription:  A cross-origin issue existed in the handling of Web\nWorkers. \nCVE-ID\nCVE-2011-1190 : Daniel Divricean of divricean.ro\n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-origin issue existed in the handling of the\nwindow.open method. \nCVE-ID\nCVE-2011-2805 : Sergey Glazunov\n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-origin issue existed in the handling of\ninactive DOM windows. \nCVE-ID\nCVE-2011-3243 : Sergey Glazunov\n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-origin issue existed in the handling of the\ndocument.documentURI property. \nCVE-ID\nCVE-2011-2819 : Sergey Glazunov\n\nWebKit\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  A maliciously crafted website may be able to track the URLs\nthat a user visits within a frame\nDescription:  A cross-origin issue existed in the handling of the\nbeforeload event. \nCVE-ID\nCVE-2011-2800 : Juho Nurminen\n\nWiFi\nAvailable for:  iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 3.2 through 4.3.5 for iPad\nImpact:  WiFi credentials may be logged to a local file\nDescription:  WiFi credentials including the passphrase and\nencryption keys were logged to a file that was readable by\napplications on the system. This is resolved by no longer logging\nthese credentials. \nCVE-ID\nCVE-2011-3434 : Laurent OUDOT of TEHTRI Security\n\nInstallation note:\n\nThis update is only available through iTunes, and will not appear\nin your computer\u0027s Software Update application, or in the Apple\nDownloads site. Make sure you have an Internet connection and have\ninstalled the latest version of iTunes from www.apple.com/itunes/\n\niTunes will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it will download it. When\nthe iPhone, iPod touch or iPad is docked, iTunes will present the\nuser with the option to install the update. We recommend applying\nthe update immediately if possible. Selecting Don\u0027t Install will\npresent the option the next time you connect your iPhone, iPod touch,\nor iPad. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes checks for updates. You may manually obtain the\nupdate via the Check for Updates button within iTunes. After doing\nthis, the update can be applied when your iPhone, iPod touch, or iPad\nis docked to your computer. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update will be\n\"5 (9A334)\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOldmtAAoJEGnF2JsdZQee/qMIAIPxmIiOqj+FMLFHZtPeC/Dp\n3s4JliKOOgNnjXkxErfaNvYGmeVbDaUER5jdVrWccTauzlYmy8G4uK0An2GD2YiP\ngB5AiCQXpONdBCi38QNdRqrYoYjc8Sa0nUp4r5uWPoiHoj5KfxvBpgygEL+zjHXS\nfmnrONOCWhOYp0w4q6mdTg5BH2uJCbXscD/JjbmgHQI0Vs/iUZKSRyqFo2b0Mvze\nNiSyzcj/4l62Cxx7xM9VbdrYL7Al2yyHfNYJQsZmoeDUlJQcdgEgEMXvOuhY3sFK\nmaxYr2oCp6Mtf53fplAeJIV4ijLynEWAKxTuTznAyW1k7oiGrDTfORSFKPEB9MQ=\n=LCQZ\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      },
      {
        "db": "BID",
        "id": "46658"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48137"
      },
      {
        "db": "PACKETSTORM",
        "id": "100027"
      },
      {
        "db": "PACKETSTORM",
        "id": "99031"
      },
      {
        "db": "PACKETSTORM",
        "id": "102606"
      },
      {
        "db": "PACKETSTORM",
        "id": "99337"
      },
      {
        "db": "PACKETSTORM",
        "id": "105737"
      },
      {
        "db": "PACKETSTORM",
        "id": "105736"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-0192",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "46658",
        "trust": 2.2
      },
      {
        "db": "SECUNIA",
        "id": "43593",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "43664",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "50726",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "43585",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "44135",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "43934",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "44117",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0960",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0551",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0599",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0621",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0845",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0930",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0905",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1025153",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001352",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-112",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2340",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "105737",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "99068",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-48137",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "100027",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "99031",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "102606",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "99337",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "105736",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48137"
      },
      {
        "db": "BID",
        "id": "46658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      },
      {
        "db": "PACKETSTORM",
        "id": "100027"
      },
      {
        "db": "PACKETSTORM",
        "id": "99031"
      },
      {
        "db": "PACKETSTORM",
        "id": "102606"
      },
      {
        "db": "PACKETSTORM",
        "id": "99337"
      },
      {
        "db": "PACKETSTORM",
        "id": "105737"
      },
      {
        "db": "PACKETSTORM",
        "id": "105736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-112"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0192"
      }
    ]
  },
  "id": "VAR-201103-0291",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48137"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:12:37.468000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4554",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4554"
      },
      {
        "title": "HT4566",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4566"
      },
      {
        "title": "HT4564",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4564"
      },
      {
        "title": "HT4565",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4565"
      },
      {
        "title": "HT4581",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4581"
      },
      {
        "title": "HT4566",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4566?viewlocale=ja_jp"
      },
      {
        "title": "HT4564",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4564?viewlocale=ja_jp"
      },
      {
        "title": "HT4565",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4565?viewlocale=ja_jp"
      },
      {
        "title": "HT4581",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4581?viewlocale=ja_jp"
      },
      {
        "title": "HT4554",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4554?viewlocale=ja_jp"
      },
      {
        "title": "FTP Directory",
        "trust": 0.8,
        "url": "ftp://ftp.remotesensing.org/pub/libtiff/"
      },
      {
        "title": "RHSA-2011:0318",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2011-0318.html"
      },
      {
        "title": "Multiple vulnerabilities in LibTIFF",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libtiff"
      },
      {
        "title": "iTunes 10.2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39588"
      },
      {
        "title": "iTunes 10.2 for Windows (64 bit)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=39587"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-112"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0192"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/46658"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/43593"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011/mar/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//mar/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//mar/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//mar/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011/mar/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://blackberry.com/btsc/kb27244"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4554"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4564"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4565"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4566"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4581"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4999"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht5001"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678635"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2011/dsa-2210"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/055683.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/055240.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057840.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057763.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:043"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2011-0318.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1025153"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43585"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43664"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43934"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/44117"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/44135"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/50726"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0551"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0599"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0621"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0845"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0905"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0930"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0960"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.587820"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0192"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu643615"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu867452"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu636925"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu574588"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu556020"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0192"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0192"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
      },
      {
        "trust": 0.4,
        "url": "http://www.apple.com/itunes/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0191"
      },
      {
        "trust": 0.3,
        "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2297"
      },
      {
        "trust": 0.3,
        "url": "http://www.libtiff.org/"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100133190"
      },
      {
        "trust": 0.3,
        "url": "http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displaykc\u0026doctype=kc\u0026externalid=kb27244"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1167"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2630"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3087"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2595"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2598"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2482"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2483"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2597"
      },
      {
        "trust": 0.2,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0216"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0241"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2011\u0026amp;m=slackware-security.587820"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.7.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.4_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.4-2ubuntu0.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.9.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.4.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.9.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.4_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.7.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.1.debian.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.1.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.4.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.4.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.4.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.4_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.7_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.4-2ubuntu0.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.debian.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/731540"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.5_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.10.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.5_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.10_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3232"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3259"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0184"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0206"
      },
      {
        "trust": 0.1,
        "url": "https://www.trapkit.de"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0259"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0187"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0254"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0238"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0983"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1117"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1115"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0233"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0234"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0255"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1114"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0225"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0208"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0232"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48137"
      },
      {
        "db": "BID",
        "id": "46658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      },
      {
        "db": "PACKETSTORM",
        "id": "100027"
      },
      {
        "db": "PACKETSTORM",
        "id": "99031"
      },
      {
        "db": "PACKETSTORM",
        "id": "102606"
      },
      {
        "db": "PACKETSTORM",
        "id": "99337"
      },
      {
        "db": "PACKETSTORM",
        "id": "105737"
      },
      {
        "db": "PACKETSTORM",
        "id": "105736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-112"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0192"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-48137"
      },
      {
        "db": "BID",
        "id": "46658"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      },
      {
        "db": "PACKETSTORM",
        "id": "100027"
      },
      {
        "db": "PACKETSTORM",
        "id": "99031"
      },
      {
        "db": "PACKETSTORM",
        "id": "102606"
      },
      {
        "db": "PACKETSTORM",
        "id": "99337"
      },
      {
        "db": "PACKETSTORM",
        "id": "105737"
      },
      {
        "db": "PACKETSTORM",
        "id": "105736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-112"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0192"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48137"
      },
      {
        "date": "2011-03-02T00:00:00",
        "db": "BID",
        "id": "46658"
      },
      {
        "date": "2011-04-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      },
      {
        "date": "2011-04-04T16:47:55",
        "db": "PACKETSTORM",
        "id": "100027"
      },
      {
        "date": "2011-03-07T16:03:11",
        "db": "PACKETSTORM",
        "id": "99031"
      },
      {
        "date": "2011-06-27T23:06:48",
        "db": "PACKETSTORM",
        "id": "102606"
      },
      {
        "date": "2011-03-15T20:48:58",
        "db": "PACKETSTORM",
        "id": "99337"
      },
      {
        "date": "2011-10-13T02:32:41",
        "db": "PACKETSTORM",
        "id": "105737"
      },
      {
        "date": "2011-10-13T02:28:22",
        "db": "PACKETSTORM",
        "id": "105736"
      },
      {
        "date": "2011-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201103-112"
      },
      {
        "date": "2011-03-03T20:00:02.643000",
        "db": "NVD",
        "id": "CVE-2011-0192"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48137"
      },
      {
        "date": "2015-05-07T17:14:00",
        "db": "BID",
        "id": "46658"
      },
      {
        "date": "2012-04-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      },
      {
        "date": "2020-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201103-112"
      },
      {
        "date": "2014-02-21T04:39:24.093000",
        "db": "NVD",
        "id": "CVE-2011-0192"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-112"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product  LIBTIFF Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001352"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201103-112"
      }
    ],
    "trust": 0.6
  }
}

var-200501-0287
Vulnerability from variot

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. Apple Mac OS X with Bluetooth support may unintentionally allow files to be exchanged with other systems by default. Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Multiple integer overflows in the LibTIFF library may allow an attacker to execute arbitrary code. Multiple integer overflows in the LibTIFF library may allow an attacker to execute arbitrary code. LibTIFF is affected by multiple buffer-overflow vulnerabilities because the software fails to properly perform boundary checks before copying user-supplied strings into finite process buffers. An attacker may leverage these issues to execute arbitrary code on a vulnerable computer with the privileges of the user running a vulnerable application, facilitating unauthorized access. The attacker may also leverage these issues to crash the affected application. libtiff is an application library responsible for encoding/decoding the TIFF image format.


Want a new IT Security job?

Vacant positions at Secunia: http://secunia.com/secunia_vacancies/


TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA15227

VERIFY ADVISORY: http://secunia.com/advisories/15227/

CRITICAL: Highly critical

IMPACT: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, System access

WHERE:

From remote

OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes various vulnerabilities.

1) A boundary error in htdigest can be exploited to cause a buffer overflow by passing an overly long realm argument.

NOTE: htdigest is by default only locally accessible and not setuid / setgid.

2) An integer overflow error in the AppKit component when processing TIFF files can be exploited by malicious people to compromise a user's system.

For more information: SA13607

3) An error in the AppKit component when parsing certain TIFF images can result in an invalid call to the "NXSeek()" function, which will crash an affected Cocoa application.

4) An error within the handling of AppleScript can be exploited to display code to a user that is different than the code, which will actually run.

5) An error in the Bluetooth support may cause Bluetooth-enabled systems to share files via the Bluetooth file exchange service without notifying the user properly.

6) An input validation error can be exploited to access arbitrary files on a Bluetooth-enabled system using directory traversal attacks via the Bluetooth file and object exchange services.

7) The chfn, chpass, and chsh utilities invoke certain external helper programs insecurely, which can be exploited by malicious, local users to gain escalated privileges.

8) A vulnerability in Finder can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges due to insecure creation of ".DS_Store" files.

For more information: SA14188

9) A boundary error within the Foundation framework when handling environment variables can be exploited to cause a buffer overflow and may allow execution of arbitrary code.

10) An error in Help Viewer can be exploited to run JavaScript without the normally imposed security restrictions.

11) A security issue in the LDAP functionality may under certain circumstances result in passwords initially being stored in plain text.

12) Errors within the parsing of XPM files can potentially be exploited by malicious people to compromise a vulnerable system.

For more information: SA12549

13) An error in lukemftpd can be exploited by malicious users to bypass chroot restrictions. In order to restrict users to their home directory, both their full name and short name must be listed in the "/etc/ftpchroot" file. However, the problem is that users can change their full name and thereby bypass this restriction.

15) When enabling the HTTP proxy service in Server Admin, it is by default possible for everyone (including users on the Internet) to use the proxy service.

16) A vulnerability in sudo within the environment clearing can be exploited by malicious, local users to gain escalated privileges.

For more information: SA13199

17) An error in the Terminal utility can be exploited to inject data via malicious input containing escape sequences in window titles.

18) An error in the Terminal utility can be exploited to inject commands into a user's Terminal session via malicious input containing escape characters in x-man-path URIs.

SOLUTION: Apply Security Update 2005-005.

Security Update 2005-005 (Client): http://www.apple.com/support/downloads/securityupdate2005005client.html

Security Update 2005-005 (Server): http://www.apple.com/support/downloads/securityupdate2005005server.html

PROVIDED AND/OR DISCOVERED BY: 1) JxT 3) Henrik Dalgaard 4) David Remahl 5) Kevin Finisterre, digitalmunition.com. 6) Kevin Finisterre, digitalmunition.com. 10) David Remahl 13) Rob Griffiths 14) Nico 17) David Remahl 18) David Remahl 19) Pieter de Boer

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=301528

David Remahl: http://remahl.se/david/vuln/004/ http://remahl.se/david/vuln/010/ http://remahl.se/david/vuln/011/ http://remahl.se/david/vuln/012/

digitalmunition.com: http://www.digitalmunition.com/DMA[2005-0502a].txt

iDEFENSE: http://www.idefense.com/application/poi/display?id=239&type=vulnerabilities

OTHER REFERENCES: SA12549: http://secunia.com/advisories/12549/

SA13199: http://secunia.com/advisories/13199/

SA13607: http://secunia.com/advisories/13607/

SA14188: http://secunia.com/advisories/14188/


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Debian Security Advisory DSA 567-1 security@debian.org http://www.debian.org/security/ Martin Schulze October 15th, 2004 http://www.debian.org/security/faq


Package : tiff Vulnerability : heap overflows Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0803 CAN-2004-0804 CAN-2004-0886

Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. The Common Vulnerabilities and Exposures Project has identified the following problems:

CAN-2004-0803

Chris Evans discovered several problems in the RLE (run length
encoding) decoders that could lead to arbitrary code execution.

CAN-2004-0804

Matthias Clasen discovered a division by zero through an integer
overflow.

CAN-2004-0886

Dmitry V.

For the stable distribution (woody) these problems have been fixed in version 3.5.5-6woody1.

For the unstable distribution (sid) these problems have been fixed in version 3.6.1-2.

We recommend that you upgrade your libtiff package.

Upgrade Instructions


wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.dsc
  Size/MD5 checksum:      635 11a374e916d818c05a373feb04cab6a0
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.diff.gz
  Size/MD5 checksum:    36717 6f4d137f7c935d57757313a610dbd389
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
  Size/MD5 checksum:   693641 3b7199ba793dec6ca88f38bb0c8cc4d8

Alpha architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_alpha.deb
  Size/MD5 checksum:   141424 18b6e6b621178c1419de8a13a0a62366
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_alpha.deb
  Size/MD5 checksum:   105148 875257fb73ba05a575d06650c130a545
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_alpha.deb
  Size/MD5 checksum:   423194 9796f3e82553cedb237f1b574570f143

ARM architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_arm.deb
  Size/MD5 checksum:   116928 5ed91b9586d830e8da9a5086fc5a6e76
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_arm.deb
  Size/MD5 checksum:    90466 f04c381a418fd33602d1ba30158597d3
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_arm.deb
  Size/MD5 checksum:   404262 30f13bfdf54cfca30ee5ca0f6c6d0e4e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_i386.deb
  Size/MD5 checksum:   112068 d15dfdf84f010be08799d456726e1d9d
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_i386.deb
  Size/MD5 checksum:    81054 293f5c99f0a589917257ec7fee0b92fe
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_i386.deb
  Size/MD5 checksum:   387052 9606adb1668decf5ac1ee02a94298e85

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_ia64.deb
  Size/MD5 checksum:   158774 80c1b7ad68ecc78091ea95414125e81c
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_ia64.deb
  Size/MD5 checksum:   135386 b17f87aa0ad98fc50aa8c137a6f5089c
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_ia64.deb
  Size/MD5 checksum:   446496 757f3b6cc9d3f1ec5a2dfb1c3485caf3

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_hppa.deb
  Size/MD5 checksum:   128298 46dece015f0282bca0af7f6e740e9d31
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_hppa.deb
  Size/MD5 checksum:   106788 b837005b41c54c341cbd61e8fdb581ff
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_hppa.deb
  Size/MD5 checksum:   420346 3a2b91ee22af99eec3ab42d81cf9d59f

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_m68k.deb
  Size/MD5 checksum:   107302 0c702a3e5c2ad7ad7bd96dae64fa2d61
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_m68k.deb
  Size/MD5 checksum:    79770 d67f4347d35bf898a6ab1914cb53a42f
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_m68k.deb
  Size/MD5 checksum:   380218 42e6f07cf2e70de01ca40ac4a97254bf

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mips.deb
  Size/MD5 checksum:   124048 85d8c8cbb62cc62c876bf4ed721027cf
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mips.deb
  Size/MD5 checksum:    87840 5f3312f22b0f345c7eae434f5b871993
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mips.deb
  Size/MD5 checksum:   410770 be817ddffa91c423b55fda3388d7ce48

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mipsel.deb
  Size/MD5 checksum:   123558 42594e9270de16ff802c11eccf7a0efb
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mipsel.deb
  Size/MD5 checksum:    88198 a8f0abe9205431caf94dce77d11ac477
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mipsel.deb
  Size/MD5 checksum:   410860 68a12ef6d37fc575105c4ceb9b766949

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_powerpc.deb
  Size/MD5 checksum:   116042 2258da94549ae05ffae643bc40790487
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_powerpc.deb
  Size/MD5 checksum:    89424 c8d782561a299ffb65ea84b59d88117a
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_powerpc.deb
  Size/MD5 checksum:   402372 1eca24adda52b40c7a8d789fdeb3cb2e

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_s390.deb
  Size/MD5 checksum:   116870 dcddc86a0d96296c07076391adc9d754
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_s390.deb
  Size/MD5 checksum:    91742 40c1de704b191e4abb65af8a4b7fd75d
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_s390.deb
  Size/MD5 checksum:   395332 86d351b75f1f146ddad6d562ca77005c

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_sparc.deb
  Size/MD5 checksum:   132888 9ed9db78d727ba8bfbb25c1e68b03bf2
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_sparc.deb
  Size/MD5 checksum:    88556 a4069600bd9295a27d4eb6e9e0995495
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_sparc.deb
  Size/MD5 checksum:   397026 149e12055c5711129552fa938b5af431

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBcA4UW5ql+IAeqTIRAgMFAKC3Kbs2MxW5XlOa3aK9oo76W8wt9gCfXzyA fD+15yHAK6bw15bB4ejaGV8= =KPqY -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200501-0287",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 6.4,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "trustix",
        "version": "2.1"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "secure linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "trustix",
        "version": "1.5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "suse",
        "version": "8.1"
      },
      {
        "model": "pdf library",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "pdflib",
        "version": "5.0.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.6.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.6.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.5"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.5.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.3.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.2.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.2.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.2.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "3.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.6"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "1.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.8"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "wxgtk2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wxgtk2",
        "version": "*"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "8.2"
      },
      {
        "model": "mandrake linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mandrakesoft",
        "version": "10.0"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.4"
      },
      {
        "model": "wxgtk2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wxgtk2",
        "version": "2.5_.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.4"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.5"
      },
      {
        "model": "fedora core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "core_2.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "9.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7.0 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7.0 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10_f"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (hosting)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "1.0 (workgroup)"
      },
      {
        "model": "turbolinux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "linux advanced workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1"
      },
      {
        "model": "wxgtk2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wxgtk2",
        "version": "2.5.0"
      },
      {
        "model": "wxgtk2",
        "scope": null,
        "trust": 0.3,
        "vendor": "wxgtk2",
        "version": null
      },
      {
        "model": "secure enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trustix",
        "version": "2.0"
      },
      {
        "model": "tetex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tetex",
        "version": "1.0.7"
      },
      {
        "model": "tetex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "tetex",
        "version": "1.0.6"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "8"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.0"
      },
      {
        "model": "solaris 9 x86 update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "2"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "9"
      },
      {
        "model": "solaris 8 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 8 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 7.0 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "7.0"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 10.0 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "10"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "3.0"
      },
      {
        "model": "unixware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sco",
        "version": "7.1.4"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.2"
      },
      {
        "model": "fedora core2",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux ws ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux es ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux as ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "advanced workstation for the itanium processor ia64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "advanced workstation for the itanium processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "linux mandrake amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "10.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "do not use",
        "scope": null,
        "trust": 0.3,
        "vendor": "libtiff",
        "version": null
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "modular messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "modular messaging s3400",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mn100",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity lx",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "integrated management",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "cvlan",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "pdf library p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pdflib",
        "version": "5.0.4"
      },
      {
        "model": "kde",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3.2"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#354486"
      },
      {
        "db": "CERT/CC",
        "id": "VU#258390"
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "CERT/CC",
        "id": "VU#331694"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200501-308"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0886"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pdflib:pdf_library:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wxgtk2:wxgtk2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wxgtk2:wxgtk2:2.5_.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0886"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "chris chris@cr-secure.net",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200501-308"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-0886",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2004-0886",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-9316",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-0886",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#687568",
            "trust": 1.6,
            "value": "10.33"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#354486",
            "trust": 0.8,
            "value": "10.69"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#258390",
            "trust": 0.8,
            "value": "2.03"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#356070",
            "trust": 0.8,
            "value": "22.31"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#539110",
            "trust": 0.8,
            "value": "5.04"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#706838",
            "trust": 0.8,
            "value": "9.38"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#331694",
            "trust": 0.8,
            "value": "15.94"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200501-308",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-9316",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#354486"
      },
      {
        "db": "CERT/CC",
        "id": "VU#258390"
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "CERT/CC",
        "id": "VU#331694"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9316"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200501-308"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0886"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. Apple Mac OS X with Bluetooth support may unintentionally allow files to be exchanged with other systems by default. Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Multiple integer overflows in the LibTIFF library may allow an attacker to execute arbitrary code. Multiple integer overflows in the LibTIFF library may allow an attacker to execute arbitrary code. LibTIFF is affected by multiple buffer-overflow vulnerabilities because the software fails to properly perform boundary checks before copying user-supplied strings into finite process buffers. \nAn attacker may leverage these issues to execute arbitrary code on a vulnerable computer with the privileges of the user running a vulnerable application, facilitating unauthorized access.  The attacker may also leverage these issues to crash the affected application. libtiff is an application library responsible for encoding/decoding the TIFF image format. \n\n----------------------------------------------------------------------\n\nWant a new IT Security job?\n\nVacant positions at Secunia:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nMac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA15227\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15227/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Spoofing, Exposure of sensitive information,\nPrivilege escalation, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes various\nvulnerabilities. \n\n1) A boundary error in htdigest can be exploited to cause a buffer\noverflow by passing an overly long realm argument. \n\nNOTE: htdigest is by default only locally accessible and not setuid /\nsetgid. \n\n2) An integer overflow error in the AppKit component when processing\nTIFF files can be exploited by malicious people to compromise a\nuser\u0027s system. \n\nFor more information:\nSA13607\n\n3) An error in the AppKit component when parsing certain TIFF images\ncan result in an invalid call to the \"NXSeek()\" function, which will\ncrash an affected Cocoa application. \n\n4) An error within the handling of AppleScript can be exploited to\ndisplay code to a user that is different than the code, which will\nactually run. \n\n5) An error in the Bluetooth support may cause Bluetooth-enabled\nsystems to share files via the Bluetooth file exchange service\nwithout notifying the user properly. \n\n6) An input validation error can be exploited to access arbitrary\nfiles on a Bluetooth-enabled system using directory traversal attacks\nvia the Bluetooth file and object exchange services. \n\n7) The chfn, chpass, and chsh utilities invoke certain external\nhelper programs insecurely, which can be exploited by malicious,\nlocal users to gain escalated privileges. \n\n8) A vulnerability in Finder can be exploited by malicious, local\nusers to perform certain actions on a vulnerable system with\nescalated privileges due to insecure creation of \".DS_Store\" files. \n\nFor more information:\nSA14188\n\n9) A boundary error within the Foundation framework when handling\nenvironment variables can be exploited to cause a buffer overflow and\nmay allow execution of arbitrary code. \n\n10) An error in Help Viewer can be exploited to run JavaScript\nwithout the normally imposed security restrictions. \n\n11) A security issue in the LDAP functionality may under certain\ncircumstances result in passwords initially being stored in plain\ntext. \n\n12) Errors within the parsing of XPM files can potentially be\nexploited by malicious people to compromise a vulnerable system. \n\nFor more information:\nSA12549\n\n13) An error in lukemftpd can be exploited by malicious users to\nbypass chroot restrictions. In order to restrict users to their home\ndirectory, both their full name and short name must be listed in the\n\"/etc/ftpchroot\" file. However, the problem is that users can change\ntheir full name and thereby bypass this restriction. \n\n15) When enabling the HTTP proxy service in Server Admin, it is by\ndefault possible for everyone (including users on the Internet) to\nuse the proxy service. \n\n16) A vulnerability in sudo within the environment clearing can be\nexploited by malicious, local users to gain escalated privileges. \n\nFor more information:\nSA13199\n\n17) An error in the Terminal utility can be exploited to inject data\nvia malicious input containing escape sequences in window titles. \n\n18) An error in the Terminal utility can be exploited to inject\ncommands into a user\u0027s Terminal session via malicious input\ncontaining escape characters in x-man-path URIs. \n\nSOLUTION:\nApply Security Update 2005-005. \n\nSecurity Update 2005-005 (Client):\nhttp://www.apple.com/support/downloads/securityupdate2005005client.html\n\nSecurity Update 2005-005 (Server):\nhttp://www.apple.com/support/downloads/securityupdate2005005server.html\n\nPROVIDED AND/OR DISCOVERED BY:\n1) JxT\n3) Henrik Dalgaard\n4) David Remahl\n5) Kevin Finisterre, digitalmunition.com. \n6) Kevin Finisterre, digitalmunition.com. \n10) David Remahl\n13) Rob Griffiths\n14) Nico\n17) David Remahl\n18) David Remahl\n19) Pieter de Boer\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=301528\n\nDavid Remahl:\nhttp://remahl.se/david/vuln/004/\nhttp://remahl.se/david/vuln/010/\nhttp://remahl.se/david/vuln/011/\nhttp://remahl.se/david/vuln/012/\n\ndigitalmunition.com:\nhttp://www.digitalmunition.com/DMA[2005-0502a].txt\n\niDEFENSE:\nhttp://www.idefense.com/application/poi/display?id=239\u0026type=vulnerabilities\n\nOTHER REFERENCES:\nSA12549:\nhttp://secunia.com/advisories/12549/\n\nSA13199:\nhttp://secunia.com/advisories/13199/\n\nSA13607:\nhttp://secunia.com/advisories/13607/\n\nSA14188:\nhttp://secunia.com/advisories/14188/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 567-1                     security@debian.org\nhttp://www.debian.org/security/                             Martin Schulze\nOctober 15th, 2004                      http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage        : tiff\nVulnerability  : heap overflows\nProblem-Type   : remote\nDebian-specific: no\nCVE ID         : CAN-2004-0803 CAN-2004-0804 CAN-2004-0886\n\nSeveral problems have been discovered in libtiff, the Tag Image File\nFormat library for processing TIFF graphics files.  The Common Vulnerabilities and\nExposures Project has identified the following problems:\n\nCAN-2004-0803\n\n    Chris Evans discovered several problems in the RLE (run length\n    encoding) decoders that could lead to arbitrary code execution. \n\nCAN-2004-0804\n\n    Matthias Clasen discovered a division by zero through an integer\n    overflow. \n\nCAN-2004-0886\n\n    Dmitry V. \n\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 3.5.5-6woody1. \n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.6.1-2. \n\nWe recommend that you upgrade your libtiff package. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n        will update the internal database\napt-get upgrade\n        will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n  Source archives:\n\n    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.dsc\n      Size/MD5 checksum:      635 11a374e916d818c05a373feb04cab6a0\n    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.diff.gz\n      Size/MD5 checksum:    36717 6f4d137f7c935d57757313a610dbd389\n    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz\n      Size/MD5 checksum:   693641 3b7199ba793dec6ca88f38bb0c8cc4d8\n\n  Alpha architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_alpha.deb\n      Size/MD5 checksum:   141424 18b6e6b621178c1419de8a13a0a62366\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_alpha.deb\n      Size/MD5 checksum:   105148 875257fb73ba05a575d06650c130a545\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_alpha.deb\n      Size/MD5 checksum:   423194 9796f3e82553cedb237f1b574570f143\n\n  ARM architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_arm.deb\n      Size/MD5 checksum:   116928 5ed91b9586d830e8da9a5086fc5a6e76\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_arm.deb\n      Size/MD5 checksum:    90466 f04c381a418fd33602d1ba30158597d3\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_arm.deb\n      Size/MD5 checksum:   404262 30f13bfdf54cfca30ee5ca0f6c6d0e4e\n\n  Intel IA-32 architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_i386.deb\n      Size/MD5 checksum:   112068 d15dfdf84f010be08799d456726e1d9d\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_i386.deb\n      Size/MD5 checksum:    81054 293f5c99f0a589917257ec7fee0b92fe\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_i386.deb\n      Size/MD5 checksum:   387052 9606adb1668decf5ac1ee02a94298e85\n\n  Intel IA-64 architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_ia64.deb\n      Size/MD5 checksum:   158774 80c1b7ad68ecc78091ea95414125e81c\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_ia64.deb\n      Size/MD5 checksum:   135386 b17f87aa0ad98fc50aa8c137a6f5089c\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_ia64.deb\n      Size/MD5 checksum:   446496 757f3b6cc9d3f1ec5a2dfb1c3485caf3\n\n  HP Precision architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_hppa.deb\n      Size/MD5 checksum:   128298 46dece015f0282bca0af7f6e740e9d31\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_hppa.deb\n      Size/MD5 checksum:   106788 b837005b41c54c341cbd61e8fdb581ff\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_hppa.deb\n      Size/MD5 checksum:   420346 3a2b91ee22af99eec3ab42d81cf9d59f\n\n  Motorola 680x0 architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_m68k.deb\n      Size/MD5 checksum:   107302 0c702a3e5c2ad7ad7bd96dae64fa2d61\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_m68k.deb\n      Size/MD5 checksum:    79770 d67f4347d35bf898a6ab1914cb53a42f\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_m68k.deb\n      Size/MD5 checksum:   380218 42e6f07cf2e70de01ca40ac4a97254bf\n\n  Big endian MIPS architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mips.deb\n      Size/MD5 checksum:   124048 85d8c8cbb62cc62c876bf4ed721027cf\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mips.deb\n      Size/MD5 checksum:    87840 5f3312f22b0f345c7eae434f5b871993\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mips.deb\n      Size/MD5 checksum:   410770 be817ddffa91c423b55fda3388d7ce48\n\n  Little endian MIPS architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mipsel.deb\n      Size/MD5 checksum:   123558 42594e9270de16ff802c11eccf7a0efb\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mipsel.deb\n      Size/MD5 checksum:    88198 a8f0abe9205431caf94dce77d11ac477\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mipsel.deb\n      Size/MD5 checksum:   410860 68a12ef6d37fc575105c4ceb9b766949\n\n  PowerPC architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_powerpc.deb\n      Size/MD5 checksum:   116042 2258da94549ae05ffae643bc40790487\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_powerpc.deb\n      Size/MD5 checksum:    89424 c8d782561a299ffb65ea84b59d88117a\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_powerpc.deb\n      Size/MD5 checksum:   402372 1eca24adda52b40c7a8d789fdeb3cb2e\n\n  IBM S/390 architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_s390.deb\n      Size/MD5 checksum:   116870 dcddc86a0d96296c07076391adc9d754\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_s390.deb\n      Size/MD5 checksum:    91742 40c1de704b191e4abb65af8a4b7fd75d\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_s390.deb\n      Size/MD5 checksum:   395332 86d351b75f1f146ddad6d562ca77005c\n\n  Sun Sparc architecture:\n\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_sparc.deb\n      Size/MD5 checksum:   132888 9ed9db78d727ba8bfbb25c1e68b03bf2\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_sparc.deb\n      Size/MD5 checksum:    88556 a4069600bd9295a27d4eb6e9e0995495\n    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_sparc.deb\n      Size/MD5 checksum:   397026 149e12055c5711129552fa938b5af431\n\n\n  These files will probably be moved into the stable distribution on\n  its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.5 (GNU/Linux)\n\niD8DBQFBcA4UW5ql+IAeqTIRAgMFAKC3Kbs2MxW5XlOa3aK9oo76W8wt9gCfXzyA\nfD+15yHAK6bw15bB4ejaGV8=\n=KPqY\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0886"
      },
      {
        "db": "CERT/CC",
        "id": "VU#354486"
      },
      {
        "db": "CERT/CC",
        "id": "VU#258390"
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "CERT/CC",
        "id": "VU#331694"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000445"
      },
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9316"
      },
      {
        "db": "PACKETSTORM",
        "id": "37530"
      },
      {
        "db": "PACKETSTORM",
        "id": "34737"
      }
    ],
    "trust": 7.92
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "15227",
        "trust": 4.9
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0886",
        "trust": 4.5
      },
      {
        "db": "SECTRACK",
        "id": "1011674",
        "trust": 3.5
      },
      {
        "db": "SECUNIA",
        "id": "12818",
        "trust": 3.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568",
        "trust": 3.5
      },
      {
        "db": "SECTRACK",
        "id": "1012651",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "11406",
        "trust": 2.2
      },
      {
        "db": "OSVDB",
        "id": "10751",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#354486",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#258390",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "16084",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "13502",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "13607",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "16085",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1013887",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "16075",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "20376",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#331694",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "17715",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000445",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200501-308",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "11501",
        "trust": 0.6
      },
      {
        "db": "SUSE",
        "id": "SUSE-SA:2004:039",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "17819",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200410-30",
        "trust": 0.6
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200410-20",
        "trust": 0.6
      },
      {
        "db": "MANDRAKE",
        "id": "MDKSA-2004:113",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-9316",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "37530",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "34737",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#354486"
      },
      {
        "db": "CERT/CC",
        "id": "VU#258390"
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "CERT/CC",
        "id": "VU#331694"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9316"
      },
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000445"
      },
      {
        "db": "PACKETSTORM",
        "id": "37530"
      },
      {
        "db": "PACKETSTORM",
        "id": "34737"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200501-308"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0886"
      }
    ]
  },
  "id": "VAR-200501-0287",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9316"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:36:19.004000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "libtiff",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/data/libtiff.html"
      },
      {
        "title": "AXSA-2005-62:1",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=184"
      },
      {
        "title": "RHSA-2005:021",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2005-021.html"
      },
      {
        "title": "RHSA-2005:354",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2005-354.html"
      },
      {
        "title": "RHSA-2004:577",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-577.html"
      },
      {
        "title": "101677",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
      },
      {
        "title": "101677",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-3"
      },
      {
        "title": "TLSA-2005-4",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2005/tlsa-2005-4.txt"
      },
      {
        "title": "RHSA-2005:021",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-021j.html"
      },
      {
        "title": "RHSA-2005:354",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-354j.html"
      },
      {
        "title": "RHSA-2004:577",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-577j.html"
      },
      {
        "title": "TLSA-2005-4",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2005/tlsa-2005-4j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000445"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-0886"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.9,
        "url": "http://secunia.com/advisories/15227/"
      },
      {
        "trust": 4.1,
        "url": "http://docs.info.apple.com/article.html?artnum=301528"
      },
      {
        "trust": 2.7,
        "url": "http://www.ciac.org/ciac/bulletins/p-015.shtml"
      },
      {
        "trust": 2.4,
        "url": "http://securitytracker.com/alerts/2004/dec/1012651.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.idefense.com/application/poi/display?id=173\u0026type=vulnerabilities"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/12818/"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/11406"
      },
      {
        "trust": 1.9,
        "url": "http://www.kb.cert.org/vuls/id/687568"
      },
      {
        "trust": 1.9,
        "url": "http://securitytracker.com/id?1011674"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/alerts/2004/oct/1011674.html"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/lists/bugtraq/2004/oct/0135.html"
      },
      {
        "trust": 1.6,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0886"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=10751"
      },
      {
        "trust": 1.4,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.kde.org/info/security/advisory-20041209-2.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2004/dsa-567"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:109"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:052"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a100116"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9907"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2004-577.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-021.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2005-354.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/12818"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.trustix.org/errata/2004/0054/"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17715"
      },
      {
        "trust": 1.0,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000888"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=109779465621929\u0026w=2"
      },
      {
        "trust": 0.9,
        "url": "http://remahl.se/david/vuln/011/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/13607/"
      },
      {
        "trust": 0.8,
        "url": "http://www.idefense.com/application/poi/display?id=239"
      },
      {
        "trust": 0.8,
        "url": "http://www.digitalmunition.com/dma%5b2005-0502a%5d.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/13502/"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=16084"
      },
      {
        "trust": 0.8,
        "url": "http://www.idefense.com/application/poi/display?id=240\u0026type=vulnerabilities"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.org/bid/13488"
      },
      {
        "trust": 0.8,
        "url": "http://www.securitytracker.com/alerts/2005/may/1013887.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=16085"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/20376"
      },
      {
        "trust": 0.8,
        "url": "http://www.apple.com/server/macosx/"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/16075"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0886"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/17715"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23687568"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0886"
      },
      {
        "trust": 0.6,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/17819"
      },
      {
        "trust": 0.6,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/11501"
      },
      {
        "trust": 0.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:113"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=109880927526773\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57769-1"
      },
      {
        "trust": 0.3,
        "url": "http://www.libtiff.org/"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-577.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-021.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-354.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1\u0026searchclause="
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2005-002_rhsa-2004-577.pdf"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/378421"
      },
      {
        "trust": 0.1,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026amp;anuncio=000888"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=109779465621929\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2005005server.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.digitalmunition.com/dma[2005-0502a].txt"
      },
      {
        "trust": 0.1,
        "url": "http://remahl.se/david/vuln/010/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://remahl.se/david/vuln/012/"
      },
      {
        "trust": 0.1,
        "url": "http://remahl.se/david/vuln/004/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2005005client.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://www.idefense.com/application/poi/display?id=239\u0026type=vulnerabilities"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/14188/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/12549/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/13199/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0803"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_m68k.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0804"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://packages.debian.org/\u003cpkg\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0886"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_m68k.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_m68k.deb"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#354486"
      },
      {
        "db": "CERT/CC",
        "id": "VU#258390"
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "CERT/CC",
        "id": "VU#331694"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9316"
      },
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000445"
      },
      {
        "db": "PACKETSTORM",
        "id": "37530"
      },
      {
        "db": "PACKETSTORM",
        "id": "34737"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200501-308"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0886"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#354486"
      },
      {
        "db": "CERT/CC",
        "id": "VU#258390"
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "db": "CERT/CC",
        "id": "VU#331694"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9316"
      },
      {
        "db": "BID",
        "id": "11406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000445"
      },
      {
        "db": "PACKETSTORM",
        "id": "37530"
      },
      {
        "db": "PACKETSTORM",
        "id": "34737"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200501-308"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-0886"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#354486"
      },
      {
        "date": "2005-05-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#258390"
      },
      {
        "date": "2005-05-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "date": "2005-01-20T00:00:00",
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "date": "2005-05-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "date": "2005-05-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#331694"
      },
      {
        "date": "2004-12-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "date": "2004-12-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "date": "2005-01-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9316"
      },
      {
        "date": "2004-10-13T00:00:00",
        "db": "BID",
        "id": "11406"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000445"
      },
      {
        "date": "2005-05-29T20:22:44",
        "db": "PACKETSTORM",
        "id": "37530"
      },
      {
        "date": "2004-10-26T02:30:56",
        "db": "PACKETSTORM",
        "id": "34737"
      },
      {
        "date": "2004-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200501-308"
      },
      {
        "date": "2005-01-27T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-0886"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#354486"
      },
      {
        "date": "2005-05-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#258390"
      },
      {
        "date": "2005-05-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "date": "2005-08-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#539110"
      },
      {
        "date": "2005-05-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#706838"
      },
      {
        "date": "2005-05-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#331694"
      },
      {
        "date": "2005-01-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "date": "2005-01-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "date": "2017-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9316"
      },
      {
        "date": "2009-05-05T15:46:00",
        "db": "BID",
        "id": "11406"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000445"
      },
      {
        "date": "2009-02-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200501-308"
      },
      {
        "date": "2017-10-11T01:29:36.420000",
        "db": "NVD",
        "id": "CVE-2004-0886"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200501-308"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibTIFF contains multiple integer overflows",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      },
      {
        "db": "CERT/CC",
        "id": "VU#687568"
      }
    ],
    "trust": 1.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200501-308"
      }
    ],
    "trust": 0.6
  }
}

var-201006-1232
Vulnerability from variot

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. LibTIFF is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application. LibTIFF versions prior to 3.9.3 are vulnerable. Apple Mac OS X is the operating system used by Apple family computers, and Font Book is a font management tool included in Mac OS X.

For the stable distribution (lenny), this problem has been fixed in version 3.8.2-11.3.

For the unstable distribution (sid), this problem has been fixed in version 3.9.4-1.

We recommend that you upgrade your tiff packages.

Upgrade instructions


wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny


Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.tar.gz Size/MD5 checksum: 1376361 bfbc775f3ea2d698f6c4e57a66a6bc62 http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.dsc Size/MD5 checksum: 965 289fde796cd4d75c185fd380e4ef2611

Architecture independent packages:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.3_all.deb Size/MD5 checksum: 368936 4fa6c87469e6d2a4ab8b9b609e1cd2b0

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_alpha.deb Size/MD5 checksum: 184038 718aa158afb8b08924079e4c8990f303 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_alpha.deb Size/MD5 checksum: 339202 b4d67d4e554d4e681e54a9951bc6ab88 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_alpha.deb Size/MD5 checksum: 49078 2c6b9d3ee81d1f1ea306d395b51c1731 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_alpha.deb Size/MD5 checksum: 55100 ef3532a300357164438524ca256853fb http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_alpha.deb Size/MD5 checksum: 253438 6e72c7d573238d09bdc43a20472b2b29

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_amd64.deb Size/MD5 checksum: 230540 93a89276bd4fe5be5a9d50b040002a70 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_amd64.deb Size/MD5 checksum: 169962 037d13ec48515773798dfc51af404eef http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_amd64.deb Size/MD5 checksum: 54210 d4e1911e9e5f07980e0d71bde8bfc732 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_amd64.deb Size/MD5 checksum: 48846 334988c78cfc87a6a3f9f9a18254f450 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_amd64.deb Size/MD5 checksum: 293176 4aa38a5f29db663094e6af1039b5a32b

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_armel.deb Size/MD5 checksum: 162044 2b4e8648f64119e0ab8e8ab6246270a9 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_armel.deb Size/MD5 checksum: 234150 7481d9317f18ce662f3b8997ce924df8 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_armel.deb Size/MD5 checksum: 55996 26fbcbaccac9a1ee56b681699ff035e3 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_armel.deb Size/MD5 checksum: 48532 30d10222b5e240af5823a2a1cf1b1e26 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_armel.deb Size/MD5 checksum: 278612 97026ca2288156a7c08057afedede29e

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_hppa.deb Size/MD5 checksum: 309128 bf85956e72869e294f893c3f27b6ad37 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_hppa.deb Size/MD5 checksum: 176834 e0f39c8995ba2d40ae444257bf9b5943 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_hppa.deb Size/MD5 checksum: 49746 04935c2e72b8696ccfcd1c303fb83327 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_hppa.deb Size/MD5 checksum: 54552 d4af13d4eb9022e20ce2312d951ba34b http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_hppa.deb Size/MD5 checksum: 241610 97b8a14e8b2cc24197e2b82d01f51775

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_i386.deb Size/MD5 checksum: 275666 b8fb9e1f47d1e29ba82e9ab9c2c5695e http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_i386.deb Size/MD5 checksum: 48830 734c77873fd7f566e2473470b1db31aa http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_i386.deb Size/MD5 checksum: 161636 665df63c672569d63281727a7ac499b0 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_i386.deb Size/MD5 checksum: 53632 5d75e0f199918c8c250b0a48d4b2fd4f http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_i386.deb Size/MD5 checksum: 219164 b3b8468f9a518093440b74fc573a6ee1

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_ia64.deb Size/MD5 checksum: 368628 57e577e4e2a590f89b96204598e14d04 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_ia64.deb Size/MD5 checksum: 56790 4072f1d33f13b2bd419cdd984947a4ce http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_ia64.deb Size/MD5 checksum: 50600 fd59fabeaae51f1b5cf6a675abd2733e http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_ia64.deb Size/MD5 checksum: 230320 54f9d6a2004efac771cdf2856c238032 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_ia64.deb Size/MD5 checksum: 294884 e6b5df4ea911fc1cc788b8ec7302180a

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mips.deb Size/MD5 checksum: 228404 3980fe301b7f21ef4a651d970791deb4 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mips.deb Size/MD5 checksum: 54648 c1e21d56c6c3caca4fa5cd3088e0131e http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mips.deb Size/MD5 checksum: 164076 5d3ebd670bb207890c8b01446d9b5286 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mips.deb Size/MD5 checksum: 49246 6b55de1c9cc0588311d490393588fef8 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mips.deb Size/MD5 checksum: 308736 ff1fd350e5516cd2b01fdf63e7038571

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mipsel.deb Size/MD5 checksum: 54422 561140c51e40c2c87d7c38e47ec1ce0f http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mipsel.deb Size/MD5 checksum: 49108 0eed63837509815d380a8ede4617a2c0 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mipsel.deb Size/MD5 checksum: 307868 f0b97d0b90054a568241766cd5e8ac0e http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mipsel.deb Size/MD5 checksum: 164694 69ae3b75909d3fbcf4a748a3f17c4a2e http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mipsel.deb Size/MD5 checksum: 228910 75d5940ed31a0a78f7a5a07cca1c90b9

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_powerpc.deb Size/MD5 checksum: 299072 cf872d693b7d6d04caab6395c807a49d http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_powerpc.deb Size/MD5 checksum: 51290 4b3b6043a320e3b0efede959db2c993f http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_powerpc.deb Size/MD5 checksum: 173516 7fb5e356c35b8161dea064a927f8f524 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_powerpc.deb Size/MD5 checksum: 270346 ff150ce3bea37067983a7ea8bdc8ce4f http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_powerpc.deb Size/MD5 checksum: 57156 d57b33ff85a8c4775c519bf6868e5dda

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_s390.deb Size/MD5 checksum: 49846 f0d66694ef6247958c18b753690d6cf6 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_s390.deb Size/MD5 checksum: 293844 3f30774b20aada6f011ffeaaf0913ce9 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_s390.deb Size/MD5 checksum: 177474 884dc57fdc438a4a735e123911bcb8dd http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_s390.deb Size/MD5 checksum: 231424 620b24d7eafbb4851b1fd43c96a4445c http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_s390.deb Size/MD5 checksum: 55402 35f4548f8da35b1e25de3bc650fe65c4

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_sparc.deb Size/MD5 checksum: 280198 63347485f32c91c6b449ec33041cf343 http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_sparc.deb Size/MD5 checksum: 55224 e64c5173ddd48b8a80f37a8a92a4b8ef http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_sparc.deb Size/MD5 checksum: 160138 a01d761068e08a849cf0aba5f8bf8115 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_sparc.deb Size/MD5 checksum: 49380 07dfbcef878e3d014e55bf7c070f722b http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_sparc.deb Size/MD5 checksum: 224292 c31548079cc7b5aec519f66411cd0eeb

These files will probably be moved into the stable distribution on its next update.

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-02


                                        http://security.gentoo.org/

Severity: Normal Title: libTIFF: Multiple vulnerabilities Date: September 23, 2012 Bugs: #307001, #324885, #357271, #359871, #371308, #410931, #422673, #427166 ID: 201209-02


Synopsis

Multiple vulnerabilities in libTIFF could result in execution of arbitrary code or Denial of Service.

Background

libTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 media-libs/tiff < 4.0.2-r1 *>= 3.9.5-r2 >= 4.0.2-r1

Description

Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All libTIFF 4.0 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.2-r1"

All libTIFF 3.9 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.9.5-r2"

References

[ 1 ] CVE-2009-2347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2347 [ 2 ] CVE-2009-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5022 [ 3 ] CVE-2010-1411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1411 [ 4 ] CVE-2010-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2065 [ 5 ] CVE-2010-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2067 [ 6 ] CVE-2010-2233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2233 [ 7 ] CVE-2010-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2443 [ 8 ] CVE-2010-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2481 [ 9 ] CVE-2010-2482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2482 [ 10 ] CVE-2010-2483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2483 [ 11 ] CVE-2010-2595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2595 [ 12 ] CVE-2010-2596 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2596 [ 13 ] CVE-2010-2597 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2597 [ 14 ] CVE-2010-2630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2630 [ 15 ] CVE-2010-2631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2631 [ 16 ] CVE-2010-3087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3087 [ 17 ] CVE-2010-4665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4665 [ 18 ] CVE-2011-0192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0192 [ 19 ] CVE-2011-0192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0192 [ 20 ] CVE-2011-1167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167 [ 21 ] CVE-2011-1167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167 [ 22 ] CVE-2012-1173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1173 [ 23 ] CVE-2012-2088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2088 [ 24 ] CVE-2012-2113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2113 [ 25 ] CVE-2012-3401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3401

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201209-02.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2010:146 http://www.mandriva.com/security/


Package : libtiff Date : August 6, 2010 Affected: 2010.0, 2010.1


Problem Description:

Multiple vulnerabilities has been discovered and corrected in libtiff:

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to downsampled OJPEG input. (CVE-2010-2233).

The updated packages have been patched to correct these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2595 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2483 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2597 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2481 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2482


Updated Packages:

Mandriva Linux 2010.0: ceb7febb41b948977f6196b5bf31d538 2010.0/i586/libtiff3-3.9.1-4.1mdv2010.0.i586.rpm d38ee02dca1666e8d8f7c628e9debcbe 2010.0/i586/libtiff-devel-3.9.1-4.1mdv2010.0.i586.rpm e022bf3d3badddd3c480b4143a8cc2ec 2010.0/i586/libtiff-progs-3.9.1-4.1mdv2010.0.i586.rpm 6f18f9ce3d9582ea3f6f9ddd7b1680d8 2010.0/i586/libtiff-static-devel-3.9.1-4.1mdv2010.0.i586.rpm 69aa854e6935c2d111e44e84225f6f69 2010.0/SRPMS/libtiff-3.9.1-4.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64: 3965284cc51603cfdc0d9420104b8fd3 2010.0/x86_64/lib64tiff3-3.9.1-4.1mdv2010.0.x86_64.rpm 2768094532f4d1941ef66bae6da6ea15 2010.0/x86_64/lib64tiff-devel-3.9.1-4.1mdv2010.0.x86_64.rpm 2e08c6517abcf34dab75040fbee15212 2010.0/x86_64/lib64tiff-static-devel-3.9.1-4.1mdv2010.0.x86_64.rpm 3c81e78d3c389abcc370add6af857d12 2010.0/x86_64/libtiff-progs-3.9.1-4.1mdv2010.0.x86_64.rpm 69aa854e6935c2d111e44e84225f6f69 2010.0/SRPMS/libtiff-3.9.1-4.1mdv2010.0.src.rpm

Mandriva Linux 2010.1: 0ddf3e069a91387a7d85ad5aacd1dd81 2010.1/i586/libtiff3-3.9.2-2.1mdv2010.1.i586.rpm 53d5d64cb3bb34a78d52776d42e0ed16 2010.1/i586/libtiff-devel-3.9.2-2.1mdv2010.1.i586.rpm e549b78e6658cb9a408454bf698e2ead 2010.1/i586/libtiff-progs-3.9.2-2.1mdv2010.1.i586.rpm 821179322f86ba6dcc96dd6afc48fd0f 2010.1/i586/libtiff-static-devel-3.9.2-2.1mdv2010.1.i586.rpm 31563b8124d1953b9c8849e0a63f5422 2010.1/SRPMS/libtiff-3.9.2-2.1mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64: e858e4c72c5191395d4db7f994ffd7c4 2010.1/x86_64/lib64tiff3-3.9.2-2.1mdv2010.1.x86_64.rpm 6bdce5697bc818f57cb56d22ce989b30 2010.1/x86_64/lib64tiff-devel-3.9.2-2.1mdv2010.1.x86_64.rpm daaf9562d71e8076e87578f25b8dbebe 2010.1/x86_64/lib64tiff-static-devel-3.9.2-2.1mdv2010.1.x86_64.rpm 36d9eef4dd2739944f05fe7edd4e76f8 2010.1/x86_64/libtiff-progs-3.9.2-2.1mdv2010.1.x86_64.rpm 31563b8124d1953b9c8849e0a63f5422 2010.1/SRPMS/libtiff-3.9.2-2.1mdv2010.1.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMXDLBmqjQ0CJFipgRAsxuAJ9WAKaIXwvgmXJzs8W+fgn2/2+E/gCg9RT9 1DtIJJ4PJJj+9xrl7Yhsyw8= =Ov4p -----END PGP SIGNATURE-----


Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-954-1 June 21, 2010 tiff vulnerabilities CVE-2010-1411, CVE-2010-2065, CVE-2010-2067 ===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.8

Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.6

Ubuntu 9.04: libtiff4 3.8.2-11ubuntu0.9.04.6

Ubuntu 9.10: libtiff4 3.8.2-13ubuntu0.3

Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.3

After a standard system update you need to restart your session to make all the necessary changes.

Details follow:

Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. (CVE-2010-1411)

Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. (Only Ubuntu 10.04 LTS was affected.) (CVE-2010-2065, CVE-2010-2067)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.8.diff.gz
  Size/MD5:    23040 b840c801a3d7fc4d0a1053d6fabbe707
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.8.dsc
  Size/MD5:      803 d68889478f2962e9b31033bebc892e89
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz
  Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_amd64.deb
  Size/MD5:   221050 4d3f5ef363350aa5ade8af964f8cb3ab
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_amd64.deb
  Size/MD5:   282864 3ab150b16046d29337ba739f09ffee98
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_amd64.deb
  Size/MD5:   476068 717cb178af7ec2759268c50fd9257300
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_amd64.deb
  Size/MD5:    44808 e94b7ae7d8c4ed4125db7276f84df640
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_amd64.deb
  Size/MD5:    49990 ad2f88b3d31e6ce02cc727f834f67fa6

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_i386.deb
  Size/MD5:   206022 713177b3875929efae2c3ff8089067a4
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_i386.deb
  Size/MD5:   259564 da2b2a54a49072deb1099928d4d21e4f
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_i386.deb
  Size/MD5:   462376 7672d9dab7dfb1c1f80465aedb91c68e
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_i386.deb
  Size/MD5:    44808 6b927f6f57aa78861af48514ddac5918
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_i386.deb
  Size/MD5:    49330 5206a97516a0b6f76e423c2f90b8cfee

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_powerpc.deb
  Size/MD5:   239948 68f3cdaac63717128344589f976ae975
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_powerpc.deb
  Size/MD5:   288748 96e81fafcef3b4245c80ced08cc5752a
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_powerpc.deb
  Size/MD5:   476678 9ee3902c1570f7b9cb458e6ed844abb1
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_powerpc.deb
  Size/MD5:    47040 399804bdbcfbd3d38b976957ffec738b
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_powerpc.deb
  Size/MD5:    51672 ba92c41d9105bb80729ff263f7955e63

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_sparc.deb
  Size/MD5:   208940 c67ceaa5d1c09987d580c438874c17f6
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_sparc.deb
  Size/MD5:   270628 7df1a1ad75e42a84af970eab83163089
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_sparc.deb
  Size/MD5:   467240 2b85c23af3d8b6c9a82e65736949c131
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_sparc.deb
  Size/MD5:    44742 e69373d50bf9c942cbf6d8825bca352b
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_sparc.deb
  Size/MD5:    49878 e8d0bef67675fdb392e77625f435d219

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.6.diff.gz
  Size/MD5:    21457 7abcb4908ccce79993653514228664a7
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.6.dsc
  Size/MD5:      899 0a7f751ae5fd3a5cb4dbbef7ab8beba1
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz
  Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_amd64.deb
  Size/MD5:   186468 23fd6541a3233e1bb4cda603aaa78284
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_amd64.deb
  Size/MD5:   571232 95be000d64194a48d01273015edde173
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_amd64.deb
  Size/MD5:   131246 c272d2494f48d401a6390ef591770e2a
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_amd64.deb
  Size/MD5:     5074 aab0bfd607ea51554611263913f5de9a
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_amd64.deb
  Size/MD5:    10498 6ca030143c795181a60c4839614ab325

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_i386.deb
  Size/MD5:   175322 65ce19d8e649dd9213fdd45dfa10c090
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_i386.deb
  Size/MD5:   552732 64759cd5ab6f5f9b4afbc32dbbff901d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_i386.deb
  Size/MD5:   123000 f58e75e4d5e334b476fd100ba33edf72
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_i386.deb
  Size/MD5:     5042 586e14ed6fef1ce1eda11624b297f97f
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_i386.deb
  Size/MD5:     9940 65217cbdc3ed7c176ab115834d34030e

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_lpia.deb
  Size/MD5:   177018 da50f84cda9ef32d65a5f28ac7e04d8c
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_lpia.deb
  Size/MD5:   555182 e7e9c90796c183e66bf34d72837e49c3
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_lpia.deb
  Size/MD5:   124212 e8439778d4c95a5ad750b9d69a6eb309
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_lpia.deb
  Size/MD5:     4916 09d01db63f70bd66c3a92720ad888281
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_lpia.deb
  Size/MD5:     9980 4bd91c80378208cd35678ead71081ab6

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_powerpc.deb
  Size/MD5:   223478 71bdc0445e1e63b91ecd6d5cdb3d362c
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_powerpc.deb
  Size/MD5:   577308 c893f853e3d834379fe34e6d98541500
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_powerpc.deb
  Size/MD5:   134610 5ca1d77cac23b098008d3079e3d462a4
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_powerpc.deb
  Size/MD5:     7510 d920d8082d30de0499af5038556fbaa7
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_powerpc.deb
  Size/MD5:    13286 2cf13645039e3ef9ae085f33b709ec60

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_sparc.deb
  Size/MD5:   178868 16fd5d7a68d5c119f1cfcfbc7d0f720b
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_sparc.deb
  Size/MD5:   558590 cef1b1501e6b71beb717da7f110a9829
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_sparc.deb
  Size/MD5:   122704 1f07fe414230660e0608a4753f5fa456
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_sparc.deb
  Size/MD5:     4804 836d935afee73d163417e77eae1b5eba
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_sparc.deb
  Size/MD5:    10700 0ff671fb6a490f6bbf318bc566b9b68e

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.9.04.6.diff.gz
  Size/MD5:    41278 b5e24df5393ac8d3f0c4ea3f065ae4b3
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.9.04.6.dsc
  Size/MD5:     1367 fd03c6190254db93870f7ccd575272d1
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz
  Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-11ubuntu0.9.04.6_all.deb
  Size/MD5:   334870 026f8704147696147176f69e92682c28

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_amd64.deb
  Size/MD5:   191638 c93bc89ad72f5c63476d9fe3ecf5ca0d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_amd64.deb
  Size/MD5:   250894 d997f30871a19214988da6cd251328b9
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_amd64.deb
  Size/MD5:   134574 80146acc32c9391baf2ce1c3a8e519c8
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_amd64.deb
  Size/MD5:     6284 bd1c39ad7746d911e30871c8939d3988
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_amd64.deb
  Size/MD5:    11902 d12ea8aabdc9a7e67d998115c49e902f

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_i386.deb
  Size/MD5:   176254 38eef2617f8e1fc8b8fbfce314e0d3e9
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_i386.deb
  Size/MD5:   233732 1d104561bc6950d1b7cadbab771f353c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_i386.deb
  Size/MD5:   126548 22359cfdca9c56ff2fb01853315f2639
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_i386.deb
  Size/MD5:     6274 de4dccef0ce17f4a698aba609b33e73c
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_i386.deb
  Size/MD5:    11244 2297033448604abce36ceed918685799

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_lpia.deb
  Size/MD5:   178544 7895fa9f7ed7e6310953384cf14b44ac
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_lpia.deb
  Size/MD5:   236174 a49ffa36dcd626470f6406945f2a9b07
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_lpia.deb
  Size/MD5:   128182 c15737bbdb79e4ad6747ff1122c9010a
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_lpia.deb
  Size/MD5:     6132 6c41518edbf30a79fa5c619da6345a2c
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_lpia.deb
  Size/MD5:    11280 45e30b64c92200cc30ff35c076734f7c

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_powerpc.deb
  Size/MD5:   221288 3592d9842997a658007ac326caaed2a7
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_powerpc.deb
  Size/MD5:   256768 834993c1049aca8c12420b92c92f28fb
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_powerpc.deb
  Size/MD5:   137538 49b4a1e944f909ca495b525c2633a735
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_powerpc.deb
  Size/MD5:     8730 01803cafeea784dbc818a5e0b280722f
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_powerpc.deb
  Size/MD5:    14234 2ba3cc6f57abce5c990eef8d7c6fbceb

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_sparc.deb
  Size/MD5:   183806 f2a9bbe1f571d06e74fc955ac8f59b72
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_sparc.deb
  Size/MD5:   238044 12858b8bde77b383f1089e8989394b38
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_sparc.deb
  Size/MD5:   124424 bf09c05c0bc3ec5c21ebdefbb095faa6
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_sparc.deb
  Size/MD5:     5978 952a5bf270a59b0f873dd1c6a1f67175
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_sparc.deb
  Size/MD5:    12022 629b0b70778ecd8fe824f3254cf27b90

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.3.diff.gz
  Size/MD5:    41121 c0ab3072d29ea0360ba47217778d4901
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.3.dsc
  Size/MD5:     1343 03d22a022fc88888d9d8935e0df737bf
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz
  Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.3_all.deb
  Size/MD5:   334670 5cc39d1960ed0eaa84b0cef574f9019a

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_amd64.deb
  Size/MD5:   193172 904b26a40f81337d896afb4dc99b6dac
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_amd64.deb
  Size/MD5:   251358 a2c45975bc8789e05a1fac873c54afdb
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_amd64.deb
  Size/MD5:   135204 747b17ea960047cfe980951780e16343
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_amd64.deb
  Size/MD5:     6330 1784c3b86fe6a9a68f8411b7ad816d4a
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_amd64.deb
  Size/MD5:    12006 24240bf743cd23ce670b4b486a7408a6

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_i386.deb
  Size/MD5:   175842 008409a183baa37db8c1c45a8f094a44
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_i386.deb
  Size/MD5:   231870 56bb188c4596af1b901be03032d9a617
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_i386.deb
  Size/MD5:   124248 3708797ed53d0d0b58769ff729ff18c0
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_i386.deb
  Size/MD5:     6446 cb3263d1be21404f7cb72866fdf6ad2a
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_i386.deb
  Size/MD5:    11302 628741204ad187f2d66f724c49ee47f7

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_lpia.deb
  Size/MD5:   177048 64a59e0441238751d0e74e47e414d27e
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_lpia.deb
  Size/MD5:   234210 73343fb5872ff0d51c90ffc1cc841c9f
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_lpia.deb
  Size/MD5:   125892 2f7f51f21359bec31fdb219176d46517
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_lpia.deb
  Size/MD5:     6314 5bd86ff35a7592a8cb6cc4fe5a19073f
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_lpia.deb
  Size/MD5:    11342 36a53ad5737a7381f123f9ba65efb694

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_powerpc.deb
  Size/MD5:   191502 c6b963c4009baaa04afe123c7ec99f9c
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_powerpc.deb
  Size/MD5:   256282 8110d1fade42b772fbc2072ea209eb97
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_powerpc.deb
  Size/MD5:   136778 dbba3ac2c70dbf380fe242bd68c53fa3
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_powerpc.deb
  Size/MD5:     6736 1f111239548e12c69db166e59a190b3c
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_powerpc.deb
  Size/MD5:    12086 0d49955b527ff8a6ff4943120ba553c5

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_sparc.deb
  Size/MD5:   184286 06388a8d95b34d4bfb7247c47c07906c
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_sparc.deb
  Size/MD5:   236968 4208eb62edba48bbd6d280eedda2a0a4
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_sparc.deb
  Size/MD5:   124514 a6446a90d3e9d5629f8105603c9474dd
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_sparc.deb
  Size/MD5:     6100 76a69eccc98c82be32b0481df58d3de9
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_sparc.deb
  Size/MD5:    12026 c23e8ab257390fe565ebf103a8edaeb9

Updated packages for Ubuntu 10.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.3.diff.gz
  Size/MD5:    17310 779fdd57e79090bedcec10b26eaf08ec
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.3.dsc
  Size/MD5:     1339 7d001b20ea0677cb63bbb4becf8ff69f
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz
  Size/MD5:  1419742 93e56e421679c591de7552db13384cb8

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.3_all.deb
  Size/MD5:   342306 e17c62cb61768cd0885bd5c71caa7f67

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_amd64.deb
  Size/MD5:   252274 0b359ab56d43865968c690765ef96a23
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_amd64.deb
  Size/MD5:   269444 364252fef2d31f9a59be006a60c6794e
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_amd64.deb
  Size/MD5:   148610 19d95336d35bffd635787ac1174c6716
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_amd64.deb
  Size/MD5:     6390 7236b5c267df2ae7fbb805768c4d6314
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_amd64.deb
  Size/MD5:    12034 ad15f0ac0f19016a4498c3f22f90de43

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_i386.deb
  Size/MD5:   232412 def529fa30067e222a10ce03fb4651e2
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_i386.deb
  Size/MD5:   246484 3f78b62e3e411a05fcf9f97a9f77f21c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_i386.deb
  Size/MD5:   136176 0fae675d248b4ab7cf77018d860a55ce
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_i386.deb
  Size/MD5:     6492 fb5a44eaef7ee218d83a4482bd331c69
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_i386.deb
  Size/MD5:    11290 c9ee0da107d51715c41bc5513a302532

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_powerpc.deb
  Size/MD5:   253470 7fbf59b850974984a419f752830da31b
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_powerpc.deb
  Size/MD5:   275072 a174c0a69bbe402b3d17a0085e69952d
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_powerpc.deb
  Size/MD5:   150222 e460e28329d5754c4670647d08a2c9fb
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_powerpc.deb
  Size/MD5:     6774 f5f491424e932a100199e8274d7b8eef
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_powerpc.deb
  Size/MD5:    12098 c18d01ecf566a05ef689b2224bf0c343

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_sparc.deb
  Size/MD5:   248748 fc6cc955db82161bffe7ebf0dd5a4aea
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_sparc.deb
  Size/MD5:   257150 ccb51b6b25aa92dc09140d0fda8ef2b5
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_sparc.deb
  Size/MD5:   142870 5644962072cf924c15a559f9a0f00ddc
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_sparc.deb
  Size/MD5:     6238 d11701e3eb25d8201e363314c5ea4bbb
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_sparc.deb
  Size/MD5:    11922 be82dd608f5e01be8117b48eaa567ca0

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201006-1232",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.0"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.6.0"
      },
      {
        "model": "libtiff",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "libtiff",
        "version": "3.9.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86-64)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0 (x86-64)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (server)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.0 (client)"
      },
      {
        "model": "rhel desktop workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (client)"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.10"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux enterprise sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "10.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "9.0"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "2"
      },
      {
        "model": "appliance platform linux service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "2"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux desktop version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.5"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.2-7"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "messaging storage server mm3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "messaging storage server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "messaging storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "messaging storage server",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "message networking mn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.1"
      },
      {
        "model": "message networking",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "intuity audix lx r1.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "intuity audix lx sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "intuity audix lx sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "intuity audix lx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "intuity audix lx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "aura system platform sp1.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "libtiff",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.3"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "40823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1411"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1411"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kevin Finisterre",
    "sources": [
      {
        "db": "BID",
        "id": "40823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2010-1411",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2010-1411",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-44016",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-1411",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201006-294",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-44016",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2010-1411",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44016"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1411"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1411"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. LibTIFF is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAn attacker can exploit this issue to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application. \nLibTIFF versions prior to 3.9.3 are vulnerable. Apple Mac OS X is the operating system used by Apple family computers, and Font Book is a font management tool included in Mac OS X. \n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 3.8.2-11.3. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.9.4-1. \n\nWe recommend that you upgrade your tiff packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n        will update the internal database\napt-get upgrade\n        will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n  http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.tar.gz\n    Size/MD5 checksum:  1376361 bfbc775f3ea2d698f6c4e57a66a6bc62\n  http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.dsc\n    Size/MD5 checksum:      965 289fde796cd4d75c185fd380e4ef2611\n\nArchitecture independent packages:\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.3_all.deb\n    Size/MD5 checksum:   368936 4fa6c87469e6d2a4ab8b9b609e1cd2b0\n\nalpha architecture (DEC Alpha)\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_alpha.deb\n    Size/MD5 checksum:   184038 718aa158afb8b08924079e4c8990f303\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_alpha.deb\n    Size/MD5 checksum:   339202 b4d67d4e554d4e681e54a9951bc6ab88\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_alpha.deb\n    Size/MD5 checksum:    49078 2c6b9d3ee81d1f1ea306d395b51c1731\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_alpha.deb\n    Size/MD5 checksum:    55100 ef3532a300357164438524ca256853fb\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_alpha.deb\n    Size/MD5 checksum:   253438 6e72c7d573238d09bdc43a20472b2b29\n\namd64 architecture (AMD x86_64 (AMD64))\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_amd64.deb\n    Size/MD5 checksum:   230540 93a89276bd4fe5be5a9d50b040002a70\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_amd64.deb\n    Size/MD5 checksum:   169962 037d13ec48515773798dfc51af404eef\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_amd64.deb\n    Size/MD5 checksum:    54210 d4e1911e9e5f07980e0d71bde8bfc732\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_amd64.deb\n    Size/MD5 checksum:    48846 334988c78cfc87a6a3f9f9a18254f450\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_amd64.deb\n    Size/MD5 checksum:   293176 4aa38a5f29db663094e6af1039b5a32b\n\narmel architecture (ARM EABI)\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_armel.deb\n    Size/MD5 checksum:   162044 2b4e8648f64119e0ab8e8ab6246270a9\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_armel.deb\n    Size/MD5 checksum:   234150 7481d9317f18ce662f3b8997ce924df8\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_armel.deb\n    Size/MD5 checksum:    55996 26fbcbaccac9a1ee56b681699ff035e3\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_armel.deb\n    Size/MD5 checksum:    48532 30d10222b5e240af5823a2a1cf1b1e26\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_armel.deb\n    Size/MD5 checksum:   278612 97026ca2288156a7c08057afedede29e\n\nhppa architecture (HP PA RISC)\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_hppa.deb\n    Size/MD5 checksum:   309128 bf85956e72869e294f893c3f27b6ad37\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_hppa.deb\n    Size/MD5 checksum:   176834 e0f39c8995ba2d40ae444257bf9b5943\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_hppa.deb\n    Size/MD5 checksum:    49746 04935c2e72b8696ccfcd1c303fb83327\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_hppa.deb\n    Size/MD5 checksum:    54552 d4af13d4eb9022e20ce2312d951ba34b\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_hppa.deb\n    Size/MD5 checksum:   241610 97b8a14e8b2cc24197e2b82d01f51775\n\ni386 architecture (Intel ia32)\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_i386.deb\n    Size/MD5 checksum:   275666 b8fb9e1f47d1e29ba82e9ab9c2c5695e\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_i386.deb\n    Size/MD5 checksum:    48830 734c77873fd7f566e2473470b1db31aa\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_i386.deb\n    Size/MD5 checksum:   161636 665df63c672569d63281727a7ac499b0\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_i386.deb\n    Size/MD5 checksum:    53632 5d75e0f199918c8c250b0a48d4b2fd4f\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_i386.deb\n    Size/MD5 checksum:   219164 b3b8468f9a518093440b74fc573a6ee1\n\nia64 architecture (Intel ia64)\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_ia64.deb\n    Size/MD5 checksum:   368628 57e577e4e2a590f89b96204598e14d04\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_ia64.deb\n    Size/MD5 checksum:    56790 4072f1d33f13b2bd419cdd984947a4ce\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_ia64.deb\n    Size/MD5 checksum:    50600 fd59fabeaae51f1b5cf6a675abd2733e\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_ia64.deb\n    Size/MD5 checksum:   230320 54f9d6a2004efac771cdf2856c238032\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_ia64.deb\n    Size/MD5 checksum:   294884 e6b5df4ea911fc1cc788b8ec7302180a\n\nmips architecture (MIPS (Big Endian))\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mips.deb\n    Size/MD5 checksum:   228404 3980fe301b7f21ef4a651d970791deb4\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mips.deb\n    Size/MD5 checksum:    54648 c1e21d56c6c3caca4fa5cd3088e0131e\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mips.deb\n    Size/MD5 checksum:   164076 5d3ebd670bb207890c8b01446d9b5286\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mips.deb\n    Size/MD5 checksum:    49246 6b55de1c9cc0588311d490393588fef8\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mips.deb\n    Size/MD5 checksum:   308736 ff1fd350e5516cd2b01fdf63e7038571\n\nmipsel architecture (MIPS (Little Endian))\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mipsel.deb\n    Size/MD5 checksum:    54422 561140c51e40c2c87d7c38e47ec1ce0f\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mipsel.deb\n    Size/MD5 checksum:    49108 0eed63837509815d380a8ede4617a2c0\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mipsel.deb\n    Size/MD5 checksum:   307868 f0b97d0b90054a568241766cd5e8ac0e\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mipsel.deb\n    Size/MD5 checksum:   164694 69ae3b75909d3fbcf4a748a3f17c4a2e\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mipsel.deb\n    Size/MD5 checksum:   228910 75d5940ed31a0a78f7a5a07cca1c90b9\n\npowerpc architecture (PowerPC)\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_powerpc.deb\n    Size/MD5 checksum:   299072 cf872d693b7d6d04caab6395c807a49d\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_powerpc.deb\n    Size/MD5 checksum:    51290 4b3b6043a320e3b0efede959db2c993f\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_powerpc.deb\n    Size/MD5 checksum:   173516 7fb5e356c35b8161dea064a927f8f524\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_powerpc.deb\n    Size/MD5 checksum:   270346 ff150ce3bea37067983a7ea8bdc8ce4f\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_powerpc.deb\n    Size/MD5 checksum:    57156 d57b33ff85a8c4775c519bf6868e5dda\n\ns390 architecture (IBM S/390)\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_s390.deb\n    Size/MD5 checksum:    49846 f0d66694ef6247958c18b753690d6cf6\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_s390.deb\n    Size/MD5 checksum:   293844 3f30774b20aada6f011ffeaaf0913ce9\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_s390.deb\n    Size/MD5 checksum:   177474 884dc57fdc438a4a735e123911bcb8dd\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_s390.deb\n    Size/MD5 checksum:   231424 620b24d7eafbb4851b1fd43c96a4445c\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_s390.deb\n    Size/MD5 checksum:    55402 35f4548f8da35b1e25de3bc650fe65c4\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_sparc.deb\n    Size/MD5 checksum:   280198 63347485f32c91c6b449ec33041cf343\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_sparc.deb\n    Size/MD5 checksum:    55224 e64c5173ddd48b8a80f37a8a92a4b8ef\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_sparc.deb\n    Size/MD5 checksum:   160138 a01d761068e08a849cf0aba5f8bf8115\n  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_sparc.deb\n    Size/MD5 checksum:    49380 07dfbcef878e3d014e55bf7c070f722b\n  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_sparc.deb\n    Size/MD5 checksum:   224292 c31548079cc7b5aec519f66411cd0eeb\n\n\n  These files will probably be moved into the stable distribution on\n  its next update. \n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201209-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: libTIFF: Multiple vulnerabilities\n     Date: September 23, 2012\n     Bugs: #307001, #324885, #357271, #359871, #371308, #410931,\n           #422673, #427166\n       ID: 201209-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in libTIFF could result in execution of\narbitrary code or Denial of Service. \n\nBackground\n==========\n\nlibTIFF provides support for reading and manipulating TIFF (Tagged\nImage File Format) images. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  media-libs/tiff             \u003c 4.0.2-r1              *\u003e= 3.9.5-r2\n                                                          \u003e= 4.0.2-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libTIFF. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libTIFF 4.0 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/tiff-4.0.2-r1\"\n\nAll libTIFF 3.9 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/tiff-3.9.5-r2\"\n\nReferences\n==========\n\n[  1 ] CVE-2009-2347\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2347\n[  2 ] CVE-2009-5022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5022\n[  3 ] CVE-2010-1411\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1411\n[  4 ] CVE-2010-2065\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2065\n[  5 ] CVE-2010-2067\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2067\n[  6 ] CVE-2010-2233\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2233\n[  7 ] CVE-2010-2443\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2443\n[  8 ] CVE-2010-2481\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2481\n[  9 ] CVE-2010-2482\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2482\n[ 10 ] CVE-2010-2483\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2483\n[ 11 ] CVE-2010-2595\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2595\n[ 12 ] CVE-2010-2596\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2596\n[ 13 ] CVE-2010-2597\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2597\n[ 14 ] CVE-2010-2630\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2630\n[ 15 ] CVE-2010-2631\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2631\n[ 16 ] CVE-2010-3087\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3087\n[ 17 ] CVE-2010-4665\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4665\n[ 18 ] CVE-2011-0192\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0192\n[ 19 ] CVE-2011-0192\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0192\n[ 20 ] CVE-2011-1167\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167\n[ 21 ] CVE-2011-1167\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167\n[ 22 ] CVE-2012-1173\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1173\n[ 23 ] CVE-2012-2088\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2088\n[ 24 ] CVE-2012-2113\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2113\n[ 25 ] CVE-2012-3401\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3401\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201209-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2010:146\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : libtiff\n Date    : August 6, 2010\n Affected: 2010.0, 2010.1\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in libtiff:\n \n The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in\n ImageMagick, does not properly handle invalid ReferenceBlackWhite\n values, which allows remote attackers to cause a denial of service\n (application crash) via a crafted TIFF image that triggers an array\n index error, related to downsampled OJPEG input. (CVE-2010-2233). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2595\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2483\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2481\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2233\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2482\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2010.0:\n ceb7febb41b948977f6196b5bf31d538  2010.0/i586/libtiff3-3.9.1-4.1mdv2010.0.i586.rpm\n d38ee02dca1666e8d8f7c628e9debcbe  2010.0/i586/libtiff-devel-3.9.1-4.1mdv2010.0.i586.rpm\n e022bf3d3badddd3c480b4143a8cc2ec  2010.0/i586/libtiff-progs-3.9.1-4.1mdv2010.0.i586.rpm\n 6f18f9ce3d9582ea3f6f9ddd7b1680d8  2010.0/i586/libtiff-static-devel-3.9.1-4.1mdv2010.0.i586.rpm \n 69aa854e6935c2d111e44e84225f6f69  2010.0/SRPMS/libtiff-3.9.1-4.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 3965284cc51603cfdc0d9420104b8fd3  2010.0/x86_64/lib64tiff3-3.9.1-4.1mdv2010.0.x86_64.rpm\n 2768094532f4d1941ef66bae6da6ea15  2010.0/x86_64/lib64tiff-devel-3.9.1-4.1mdv2010.0.x86_64.rpm\n 2e08c6517abcf34dab75040fbee15212  2010.0/x86_64/lib64tiff-static-devel-3.9.1-4.1mdv2010.0.x86_64.rpm\n 3c81e78d3c389abcc370add6af857d12  2010.0/x86_64/libtiff-progs-3.9.1-4.1mdv2010.0.x86_64.rpm \n 69aa854e6935c2d111e44e84225f6f69  2010.0/SRPMS/libtiff-3.9.1-4.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 0ddf3e069a91387a7d85ad5aacd1dd81  2010.1/i586/libtiff3-3.9.2-2.1mdv2010.1.i586.rpm\n 53d5d64cb3bb34a78d52776d42e0ed16  2010.1/i586/libtiff-devel-3.9.2-2.1mdv2010.1.i586.rpm\n e549b78e6658cb9a408454bf698e2ead  2010.1/i586/libtiff-progs-3.9.2-2.1mdv2010.1.i586.rpm\n 821179322f86ba6dcc96dd6afc48fd0f  2010.1/i586/libtiff-static-devel-3.9.2-2.1mdv2010.1.i586.rpm \n 31563b8124d1953b9c8849e0a63f5422  2010.1/SRPMS/libtiff-3.9.2-2.1mdv2010.1.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n e858e4c72c5191395d4db7f994ffd7c4  2010.1/x86_64/lib64tiff3-3.9.2-2.1mdv2010.1.x86_64.rpm\n 6bdce5697bc818f57cb56d22ce989b30  2010.1/x86_64/lib64tiff-devel-3.9.2-2.1mdv2010.1.x86_64.rpm\n daaf9562d71e8076e87578f25b8dbebe  2010.1/x86_64/lib64tiff-static-devel-3.9.2-2.1mdv2010.1.x86_64.rpm\n 36d9eef4dd2739944f05fe7edd4e76f8  2010.1/x86_64/libtiff-progs-3.9.2-2.1mdv2010.1.x86_64.rpm \n 31563b8124d1953b9c8849e0a63f5422  2010.1/SRPMS/libtiff-3.9.2-2.1mdv2010.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFMXDLBmqjQ0CJFipgRAsxuAJ9WAKaIXwvgmXJzs8W+fgn2/2+E/gCg9RT9\n1DtIJJ4PJJj+9xrl7Yhsyw8=\n=Ov4p\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ===========================================================\nUbuntu Security Notice USN-954-1              June 21, 2010\ntiff vulnerabilities\nCVE-2010-1411, CVE-2010-2065, CVE-2010-2067\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 9.04\nUbuntu 9.10\nUbuntu 10.04 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n  libtiff4                        3.7.4-1ubuntu3.8\n\nUbuntu 8.04 LTS:\n  libtiff4                        3.8.2-7ubuntu3.6\n\nUbuntu 9.04:\n  libtiff4                        3.8.2-11ubuntu0.9.04.6\n\nUbuntu 9.10:\n  libtiff4                        3.8.2-13ubuntu0.3\n\nUbuntu 10.04 LTS:\n  libtiff4                        3.9.2-2ubuntu0.3\n\nAfter a standard system update you need to restart your session to make\nall the necessary changes. \n\nDetails follow:\n\nKevin Finisterre discovered that the TIFF library did not correctly handle\ncertain image structures. (CVE-2010-1411)\n\nDan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF\nlibrary. (Only Ubuntu 10.04 LTS was affected.) (CVE-2010-2065,\nCVE-2010-2067)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.8.diff.gz\n      Size/MD5:    23040 b840c801a3d7fc4d0a1053d6fabbe707\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.8.dsc\n      Size/MD5:      803 d68889478f2962e9b31033bebc892e89\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz\n      Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_amd64.deb\n      Size/MD5:   221050 4d3f5ef363350aa5ade8af964f8cb3ab\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_amd64.deb\n      Size/MD5:   282864 3ab150b16046d29337ba739f09ffee98\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_amd64.deb\n      Size/MD5:   476068 717cb178af7ec2759268c50fd9257300\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_amd64.deb\n      Size/MD5:    44808 e94b7ae7d8c4ed4125db7276f84df640\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_amd64.deb\n      Size/MD5:    49990 ad2f88b3d31e6ce02cc727f834f67fa6\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_i386.deb\n      Size/MD5:   206022 713177b3875929efae2c3ff8089067a4\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_i386.deb\n      Size/MD5:   259564 da2b2a54a49072deb1099928d4d21e4f\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_i386.deb\n      Size/MD5:   462376 7672d9dab7dfb1c1f80465aedb91c68e\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_i386.deb\n      Size/MD5:    44808 6b927f6f57aa78861af48514ddac5918\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_i386.deb\n      Size/MD5:    49330 5206a97516a0b6f76e423c2f90b8cfee\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_powerpc.deb\n      Size/MD5:   239948 68f3cdaac63717128344589f976ae975\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_powerpc.deb\n      Size/MD5:   288748 96e81fafcef3b4245c80ced08cc5752a\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_powerpc.deb\n      Size/MD5:   476678 9ee3902c1570f7b9cb458e6ed844abb1\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_powerpc.deb\n      Size/MD5:    47040 399804bdbcfbd3d38b976957ffec738b\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_powerpc.deb\n      Size/MD5:    51672 ba92c41d9105bb80729ff263f7955e63\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_sparc.deb\n      Size/MD5:   208940 c67ceaa5d1c09987d580c438874c17f6\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_sparc.deb\n      Size/MD5:   270628 7df1a1ad75e42a84af970eab83163089\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_sparc.deb\n      Size/MD5:   467240 2b85c23af3d8b6c9a82e65736949c131\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_sparc.deb\n      Size/MD5:    44742 e69373d50bf9c942cbf6d8825bca352b\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_sparc.deb\n      Size/MD5:    49878 e8d0bef67675fdb392e77625f435d219\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.6.diff.gz\n      Size/MD5:    21457 7abcb4908ccce79993653514228664a7\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.6.dsc\n      Size/MD5:      899 0a7f751ae5fd3a5cb4dbbef7ab8beba1\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz\n      Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_amd64.deb\n      Size/MD5:   186468 23fd6541a3233e1bb4cda603aaa78284\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_amd64.deb\n      Size/MD5:   571232 95be000d64194a48d01273015edde173\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_amd64.deb\n      Size/MD5:   131246 c272d2494f48d401a6390ef591770e2a\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_amd64.deb\n      Size/MD5:     5074 aab0bfd607ea51554611263913f5de9a\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_amd64.deb\n      Size/MD5:    10498 6ca030143c795181a60c4839614ab325\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_i386.deb\n      Size/MD5:   175322 65ce19d8e649dd9213fdd45dfa10c090\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_i386.deb\n      Size/MD5:   552732 64759cd5ab6f5f9b4afbc32dbbff901d\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_i386.deb\n      Size/MD5:   123000 f58e75e4d5e334b476fd100ba33edf72\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_i386.deb\n      Size/MD5:     5042 586e14ed6fef1ce1eda11624b297f97f\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_i386.deb\n      Size/MD5:     9940 65217cbdc3ed7c176ab115834d34030e\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_lpia.deb\n      Size/MD5:   177018 da50f84cda9ef32d65a5f28ac7e04d8c\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_lpia.deb\n      Size/MD5:   555182 e7e9c90796c183e66bf34d72837e49c3\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_lpia.deb\n      Size/MD5:   124212 e8439778d4c95a5ad750b9d69a6eb309\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_lpia.deb\n      Size/MD5:     4916 09d01db63f70bd66c3a92720ad888281\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_lpia.deb\n      Size/MD5:     9980 4bd91c80378208cd35678ead71081ab6\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_powerpc.deb\n      Size/MD5:   223478 71bdc0445e1e63b91ecd6d5cdb3d362c\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_powerpc.deb\n      Size/MD5:   577308 c893f853e3d834379fe34e6d98541500\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_powerpc.deb\n      Size/MD5:   134610 5ca1d77cac23b098008d3079e3d462a4\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_powerpc.deb\n      Size/MD5:     7510 d920d8082d30de0499af5038556fbaa7\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_powerpc.deb\n      Size/MD5:    13286 2cf13645039e3ef9ae085f33b709ec60\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_sparc.deb\n      Size/MD5:   178868 16fd5d7a68d5c119f1cfcfbc7d0f720b\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_sparc.deb\n      Size/MD5:   558590 cef1b1501e6b71beb717da7f110a9829\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_sparc.deb\n      Size/MD5:   122704 1f07fe414230660e0608a4753f5fa456\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_sparc.deb\n      Size/MD5:     4804 836d935afee73d163417e77eae1b5eba\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_sparc.deb\n      Size/MD5:    10700 0ff671fb6a490f6bbf318bc566b9b68e\n\nUpdated packages for Ubuntu 9.04:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.9.04.6.diff.gz\n      Size/MD5:    41278 b5e24df5393ac8d3f0c4ea3f065ae4b3\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.9.04.6.dsc\n      Size/MD5:     1367 fd03c6190254db93870f7ccd575272d1\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz\n      Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-11ubuntu0.9.04.6_all.deb\n      Size/MD5:   334870 026f8704147696147176f69e92682c28\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_amd64.deb\n      Size/MD5:   191638 c93bc89ad72f5c63476d9fe3ecf5ca0d\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_amd64.deb\n      Size/MD5:   250894 d997f30871a19214988da6cd251328b9\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_amd64.deb\n      Size/MD5:   134574 80146acc32c9391baf2ce1c3a8e519c8\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_amd64.deb\n      Size/MD5:     6284 bd1c39ad7746d911e30871c8939d3988\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_amd64.deb\n      Size/MD5:    11902 d12ea8aabdc9a7e67d998115c49e902f\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_i386.deb\n      Size/MD5:   176254 38eef2617f8e1fc8b8fbfce314e0d3e9\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_i386.deb\n      Size/MD5:   233732 1d104561bc6950d1b7cadbab771f353c\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_i386.deb\n      Size/MD5:   126548 22359cfdca9c56ff2fb01853315f2639\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_i386.deb\n      Size/MD5:     6274 de4dccef0ce17f4a698aba609b33e73c\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_i386.deb\n      Size/MD5:    11244 2297033448604abce36ceed918685799\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_lpia.deb\n      Size/MD5:   178544 7895fa9f7ed7e6310953384cf14b44ac\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_lpia.deb\n      Size/MD5:   236174 a49ffa36dcd626470f6406945f2a9b07\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_lpia.deb\n      Size/MD5:   128182 c15737bbdb79e4ad6747ff1122c9010a\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_lpia.deb\n      Size/MD5:     6132 6c41518edbf30a79fa5c619da6345a2c\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_lpia.deb\n      Size/MD5:    11280 45e30b64c92200cc30ff35c076734f7c\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_powerpc.deb\n      Size/MD5:   221288 3592d9842997a658007ac326caaed2a7\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_powerpc.deb\n      Size/MD5:   256768 834993c1049aca8c12420b92c92f28fb\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_powerpc.deb\n      Size/MD5:   137538 49b4a1e944f909ca495b525c2633a735\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_powerpc.deb\n      Size/MD5:     8730 01803cafeea784dbc818a5e0b280722f\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_powerpc.deb\n      Size/MD5:    14234 2ba3cc6f57abce5c990eef8d7c6fbceb\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_sparc.deb\n      Size/MD5:   183806 f2a9bbe1f571d06e74fc955ac8f59b72\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_sparc.deb\n      Size/MD5:   238044 12858b8bde77b383f1089e8989394b38\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_sparc.deb\n      Size/MD5:   124424 bf09c05c0bc3ec5c21ebdefbb095faa6\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_sparc.deb\n      Size/MD5:     5978 952a5bf270a59b0f873dd1c6a1f67175\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_sparc.deb\n      Size/MD5:    12022 629b0b70778ecd8fe824f3254cf27b90\n\nUpdated packages for Ubuntu 9.10:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.3.diff.gz\n      Size/MD5:    41121 c0ab3072d29ea0360ba47217778d4901\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.3.dsc\n      Size/MD5:     1343 03d22a022fc88888d9d8935e0df737bf\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz\n      Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.3_all.deb\n      Size/MD5:   334670 5cc39d1960ed0eaa84b0cef574f9019a\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_amd64.deb\n      Size/MD5:   193172 904b26a40f81337d896afb4dc99b6dac\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_amd64.deb\n      Size/MD5:   251358 a2c45975bc8789e05a1fac873c54afdb\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_amd64.deb\n      Size/MD5:   135204 747b17ea960047cfe980951780e16343\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_amd64.deb\n      Size/MD5:     6330 1784c3b86fe6a9a68f8411b7ad816d4a\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_amd64.deb\n      Size/MD5:    12006 24240bf743cd23ce670b4b486a7408a6\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_i386.deb\n      Size/MD5:   175842 008409a183baa37db8c1c45a8f094a44\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_i386.deb\n      Size/MD5:   231870 56bb188c4596af1b901be03032d9a617\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_i386.deb\n      Size/MD5:   124248 3708797ed53d0d0b58769ff729ff18c0\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_i386.deb\n      Size/MD5:     6446 cb3263d1be21404f7cb72866fdf6ad2a\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_i386.deb\n      Size/MD5:    11302 628741204ad187f2d66f724c49ee47f7\n\n  lpia architecture (Low Power Intel Architecture):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_lpia.deb\n      Size/MD5:   177048 64a59e0441238751d0e74e47e414d27e\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_lpia.deb\n      Size/MD5:   234210 73343fb5872ff0d51c90ffc1cc841c9f\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_lpia.deb\n      Size/MD5:   125892 2f7f51f21359bec31fdb219176d46517\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_lpia.deb\n      Size/MD5:     6314 5bd86ff35a7592a8cb6cc4fe5a19073f\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_lpia.deb\n      Size/MD5:    11342 36a53ad5737a7381f123f9ba65efb694\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_powerpc.deb\n      Size/MD5:   191502 c6b963c4009baaa04afe123c7ec99f9c\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_powerpc.deb\n      Size/MD5:   256282 8110d1fade42b772fbc2072ea209eb97\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_powerpc.deb\n      Size/MD5:   136778 dbba3ac2c70dbf380fe242bd68c53fa3\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_powerpc.deb\n      Size/MD5:     6736 1f111239548e12c69db166e59a190b3c\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_powerpc.deb\n      Size/MD5:    12086 0d49955b527ff8a6ff4943120ba553c5\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_sparc.deb\n      Size/MD5:   184286 06388a8d95b34d4bfb7247c47c07906c\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_sparc.deb\n      Size/MD5:   236968 4208eb62edba48bbd6d280eedda2a0a4\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_sparc.deb\n      Size/MD5:   124514 a6446a90d3e9d5629f8105603c9474dd\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_sparc.deb\n      Size/MD5:     6100 76a69eccc98c82be32b0481df58d3de9\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_sparc.deb\n      Size/MD5:    12026 c23e8ab257390fe565ebf103a8edaeb9\n\nUpdated packages for Ubuntu 10.04:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.3.diff.gz\n      Size/MD5:    17310 779fdd57e79090bedcec10b26eaf08ec\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.3.dsc\n      Size/MD5:     1339 7d001b20ea0677cb63bbb4becf8ff69f\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz\n      Size/MD5:  1419742 93e56e421679c591de7552db13384cb8\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.3_all.deb\n      Size/MD5:   342306 e17c62cb61768cd0885bd5c71caa7f67\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_amd64.deb\n      Size/MD5:   252274 0b359ab56d43865968c690765ef96a23\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_amd64.deb\n      Size/MD5:   269444 364252fef2d31f9a59be006a60c6794e\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_amd64.deb\n      Size/MD5:   148610 19d95336d35bffd635787ac1174c6716\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_amd64.deb\n      Size/MD5:     6390 7236b5c267df2ae7fbb805768c4d6314\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_amd64.deb\n      Size/MD5:    12034 ad15f0ac0f19016a4498c3f22f90de43\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_i386.deb\n      Size/MD5:   232412 def529fa30067e222a10ce03fb4651e2\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_i386.deb\n      Size/MD5:   246484 3f78b62e3e411a05fcf9f97a9f77f21c\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_i386.deb\n      Size/MD5:   136176 0fae675d248b4ab7cf77018d860a55ce\n    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_i386.deb\n      Size/MD5:     6492 fb5a44eaef7ee218d83a4482bd331c69\n    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_i386.deb\n      Size/MD5:    11290 c9ee0da107d51715c41bc5513a302532\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_powerpc.deb\n      Size/MD5:   253470 7fbf59b850974984a419f752830da31b\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_powerpc.deb\n      Size/MD5:   275072 a174c0a69bbe402b3d17a0085e69952d\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_powerpc.deb\n      Size/MD5:   150222 e460e28329d5754c4670647d08a2c9fb\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_powerpc.deb\n      Size/MD5:     6774 f5f491424e932a100199e8274d7b8eef\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_powerpc.deb\n      Size/MD5:    12098 c18d01ecf566a05ef689b2224bf0c343\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_sparc.deb\n      Size/MD5:   248748 fc6cc955db82161bffe7ebf0dd5a4aea\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_sparc.deb\n      Size/MD5:   257150 ccb51b6b25aa92dc09140d0fda8ef2b5\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_sparc.deb\n      Size/MD5:   142870 5644962072cf924c15a559f9a0f00ddc\n    http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_sparc.deb\n      Size/MD5:     6238 d11701e3eb25d8201e363314c5ea4bbb\n    http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_sparc.deb\n      Size/MD5:    11922 be82dd608f5e01be8117b48eaa567ca0\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1411"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      },
      {
        "db": "BID",
        "id": "40823"
      },
      {
        "db": "VULHUB",
        "id": "VHN-44016"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1411"
      },
      {
        "db": "PACKETSTORM",
        "id": "92361"
      },
      {
        "db": "PACKETSTORM",
        "id": "92522"
      },
      {
        "db": "PACKETSTORM",
        "id": "116799"
      },
      {
        "db": "PACKETSTORM",
        "id": "92523"
      },
      {
        "db": "PACKETSTORM",
        "id": "90903"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-1411",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "40823",
        "trust": 2.3
      },
      {
        "db": "SECUNIA",
        "id": "40181",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "40220",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "40196",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1024103",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1435",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1512",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1481",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "50726",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "40536",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "40527",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "40381",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "40478",
        "trust": 1.2
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1761",
        "trust": 1.2
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1731",
        "trust": 1.2
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1638",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001651",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-294",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2340",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "92361",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "90903",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-44016",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1411",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92522",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "116799",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92523",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44016"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1411"
      },
      {
        "db": "BID",
        "id": "40823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      },
      {
        "db": "PACKETSTORM",
        "id": "92361"
      },
      {
        "db": "PACKETSTORM",
        "id": "92522"
      },
      {
        "db": "PACKETSTORM",
        "id": "116799"
      },
      {
        "db": "PACKETSTORM",
        "id": "92523"
      },
      {
        "db": "PACKETSTORM",
        "id": "90903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1411"
      }
    ]
  },
  "id": "VAR-201006-1232",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44016"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:34:47.203000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4188",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4188"
      },
      {
        "title": "HT4196",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4196"
      },
      {
        "title": "HT4220",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4220"
      },
      {
        "title": "HT4188",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4188?viewlocale=ja_jp"
      },
      {
        "title": "HT4196",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4196?viewlocale=ja_jp"
      },
      {
        "title": "HT4220",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4220?viewlocale=ja_jp"
      },
      {
        "title": "libtiff-3.8.2-7.5.0.1.AXS3",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1208"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.remotesensing.org/libtiff"
      },
      {
        "title": "2077",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2077"
      },
      {
        "title": "2107",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2107"
      },
      {
        "title": "RHSA-2010:0520",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2010-0520.html"
      },
      {
        "title": "RHSA-2010:0519",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2010-0519.html"
      },
      {
        "title": "Security Update 2010-004 (Leopard-Server)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3702"
      },
      {
        "title": "Mac OS X v10.6.4 Update Mac mini (Mid 2010)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3706"
      },
      {
        "title": "Mac OS X v10.6.4 Update (Combo)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3705"
      },
      {
        "title": "Mac OS X Server v10.6.4 Update Mac mini (Mid 2010)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3709"
      },
      {
        "title": "Mac OS X v10.6.4 Update",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3704"
      },
      {
        "title": "Mac OS X Server v10.6.4 Update (Combo)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3708"
      },
      {
        "title": "Security Update 2010-004 (Leopard-Client)",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3703"
      },
      {
        "title": "Mac OS X Server v10.6.4 Update",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=3707"
      },
      {
        "title": "Debian Security Advisories: DSA-2084-1 tiff -- integer overflows",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=cb629b16ae5c0ef923a9bd4a1d632e9a"
      },
      {
        "title": "Ubuntu Security Notice: tiff vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-954-1"
      },
      {
        "title": "httpfuzz-robomiller",
        "trust": 0.1,
        "url": "https://github.com/mavproxyuser/httpfuzz-robomiller "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/khulnasoft-labs/awesome-security "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-1411"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1411"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.securityfocus.com/bid/40823"
      },
      {
        "trust": 2.0,
        "url": "http://securitytracker.com/id?1024103"
      },
      {
        "trust": 2.0,
        "url": "http://secunia.com/advisories/40181"
      },
      {
        "trust": 2.0,
        "url": "http://secunia.com/advisories/40196"
      },
      {
        "trust": 2.0,
        "url": "http://secunia.com/advisories/40220"
      },
      {
        "trust": 2.0,
        "url": "http://www.vupen.com/english/advisories/2010/1435"
      },
      {
        "trust": 2.0,
        "url": "http://www.vupen.com/english/advisories/2010/1481"
      },
      {
        "trust": 2.0,
        "url": "http://www.vupen.com/english/advisories/2010/1512"
      },
      {
        "trust": 1.5,
        "url": "http://www.remotesensing.org/libtiff/v3.9.3.html"
      },
      {
        "trust": 1.3,
        "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2010//jun/msg00001.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2010//jun/msg00002.html"
      },
      {
        "trust": 1.2,
        "url": "http://support.apple.com/kb/ht4188"
      },
      {
        "trust": 1.2,
        "url": "http://support.apple.com/kb/ht4196"
      },
      {
        "trust": 1.2,
        "url": "http://support.apple.com/kb/ht4220"
      },
      {
        "trust": 1.2,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=592361"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-july/043769.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-july/043835.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0519.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0520.html"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/40381"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/40478"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/40527"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/40536"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/50726"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-954-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2010/1638"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2010/1731"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2010/1761"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=oss-security\u0026m=127731610612908\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.596424"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1411"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1411"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1411"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2065"
      },
      {
        "trust": 0.3,
        "url": "http://www.libtiff.org/"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100093705"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2597"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2595"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2483"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2481"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2067"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2595"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2597"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2483"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2481"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2065"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2482"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2233"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=oss-security\u0026amp;m=127731610612908\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2010\u0026amp;m=slackware-security.596424"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/189.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/mavproxyuser/httpfuzz-robomiller"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/./dsa-2084"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/954-1/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://packages.debian.org/\u003cpkg\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://store.mandriva.com/product_info.php?cpath=149\u0026products_id=490"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2443"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5022"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2347"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1167"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3401"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1167"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2113"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2482"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2597"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3401"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2596"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2595"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3087"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1173"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2347"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2088"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2233"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4665"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0192"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2483"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2088"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2065"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-5022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2630"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2443"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2113"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2067"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2481"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4665"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1173"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2596"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2630"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1411"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3087"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0192"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2482"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2067"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2233"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.6.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.9.04.6.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.3.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-11ubuntu0.9.04.6_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.6.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.8.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-11ubuntu0.9.04.6_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.3.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.3_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-11ubuntu0.9.04.6_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-11ubuntu0.9.04.6_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.6_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-11ubuntu0.9.04.6.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.8.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.6_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.6_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.8_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.6_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.8_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.3.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-11ubuntu0.9.04.6_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.3.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.6_lpia.deb"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-44016"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1411"
      },
      {
        "db": "BID",
        "id": "40823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      },
      {
        "db": "PACKETSTORM",
        "id": "92361"
      },
      {
        "db": "PACKETSTORM",
        "id": "92522"
      },
      {
        "db": "PACKETSTORM",
        "id": "116799"
      },
      {
        "db": "PACKETSTORM",
        "id": "92523"
      },
      {
        "db": "PACKETSTORM",
        "id": "90903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1411"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-44016"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1411"
      },
      {
        "db": "BID",
        "id": "40823"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      },
      {
        "db": "PACKETSTORM",
        "id": "92361"
      },
      {
        "db": "PACKETSTORM",
        "id": "92522"
      },
      {
        "db": "PACKETSTORM",
        "id": "116799"
      },
      {
        "db": "PACKETSTORM",
        "id": "92523"
      },
      {
        "db": "PACKETSTORM",
        "id": "90903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1411"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-06-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-44016"
      },
      {
        "date": "2010-06-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-1411"
      },
      {
        "date": "2010-06-11T00:00:00",
        "db": "BID",
        "id": "40823"
      },
      {
        "date": "2010-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      },
      {
        "date": "2010-08-03T14:30:41",
        "db": "PACKETSTORM",
        "id": "92361"
      },
      {
        "date": "2010-08-06T19:37:01",
        "db": "PACKETSTORM",
        "id": "92522"
      },
      {
        "date": "2012-09-24T15:01:54",
        "db": "PACKETSTORM",
        "id": "116799"
      },
      {
        "date": "2010-08-06T19:38:19",
        "db": "PACKETSTORM",
        "id": "92523"
      },
      {
        "date": "2010-06-23T05:46:05",
        "db": "PACKETSTORM",
        "id": "90903"
      },
      {
        "date": "2010-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      },
      {
        "date": "2010-06-17T16:30:01.810000",
        "db": "NVD",
        "id": "CVE-2010-1411"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-44016"
      },
      {
        "date": "2013-05-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-1411"
      },
      {
        "date": "2015-04-13T21:41:00",
        "db": "BID",
        "id": "40823"
      },
      {
        "date": "2010-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      },
      {
        "date": "2020-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      },
      {
        "date": "2013-05-15T03:08:28.183000",
        "db": "NVD",
        "id": "CVE-2010-1411"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "92522"
      },
      {
        "db": "PACKETSTORM",
        "id": "92523"
      },
      {
        "db": "PACKETSTORM",
        "id": "90903"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibTIFF of  FAX3 Decoder  Fax3SetupState Integer overflow vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001651"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201006-294"
      }
    ],
    "trust": 0.6
  }
}

var-201803-0061
Vulnerability from variot

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. libTIFF is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 =====================================================================

  1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • Multiple flaws have been discovered in libtiff. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

  • Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8() 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

ppc64: libtiff-4.0.3-25.el7_2.ppc.rpm libtiff-4.0.3-25.el7_2.ppc64.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-devel-4.0.3-25.el7_2.ppc.rpm libtiff-devel-4.0.3-25.el7_2.ppc64.rpm

ppc64le: libtiff-4.0.3-25.el7_2.ppc64le.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm

s390x: libtiff-4.0.3-25.el7_2.s390.rpm libtiff-4.0.3-25.el7_2.s390x.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-devel-4.0.3-25.el7_2.s390.rpm libtiff-devel-4.0.3-25.el7_2.s390x.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-static-4.0.3-25.el7_2.ppc.rpm libtiff-static-4.0.3-25.el7_2.ppc64.rpm libtiff-tools-4.0.3-25.el7_2.ppc64.rpm

ppc64le: libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-static-4.0.3-25.el7_2.ppc64le.rpm libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm

s390x: libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-static-4.0.3-25.el7_2.s390.rpm libtiff-static-4.0.3-25.el7_2.s390x.rpm libtiff-tools-4.0.3-25.el7_2.s390x.rpm

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: libtiff-4.0.3-25.el7_2.src.rpm

x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb H5YX3gD3gJu8C4EadiP+wtg= =Z4gh -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3212-1 February 27, 2017

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10: libtiff-tools 4.0.6-2ubuntu0.1 libtiff5 4.0.6-2ubuntu0.1

Ubuntu 16.04 LTS: libtiff-tools 4.0.6-1ubuntu0.1 libtiff5 4.0.6-1ubuntu0.1

Ubuntu 14.04 LTS: libtiff-tools 4.0.3-7ubuntu0.6 libtiff5 4.0.3-7ubuntu0.6

In general, a standard system update will make all the necessary changes.


Gentoo Linux Security Advisory GLSA 201701-16


                                       https://security.gentoo.org/

Severity: Normal Title: libTIFF: Multiple vulnerabilities Date: January 09, 2017 Bugs: #484542, #534108, #538318, #561880, #572876, #585274, #585508, #599746 ID: 201701-16


Synopsis

Multiple vulnerabilities have been found in libTIFF, the worst of which may allow execution of arbitrary code. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Please review the CVE identifier and bug reports referenced for details.

Workaround

There is no known workaround at this time.

Resolution

All libTIFF users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7"

References

[ 1 ] CVE-2013-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243 [ 2 ] CVE-2014-8127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127 [ 3 ] CVE-2014-8128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128 [ 4 ] CVE-2014-8129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129 [ 5 ] CVE-2014-8130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130 [ 6 ] CVE-2014-9330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330 [ 7 ] CVE-2014-9655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655 [ 8 ] CVE-2015-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547 [ 9 ] CVE-2015-7313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313 [ 10 ] CVE-2015-7554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554 [ 11 ] CVE-2015-8665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665 [ 12 ] CVE-2015-8668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668 [ 13 ] CVE-2015-8683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683 [ 14 ] CVE-2015-8781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781 [ 15 ] CVE-2015-8782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782 [ 16 ] CVE-2015-8783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783 [ 17 ] CVE-2015-8784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784 [ 18 ] CVE-2016-3186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186 [ 19 ] CVE-2016-3619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619 [ 20 ] CVE-2016-3620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620 [ 21 ] CVE-2016-3621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621 [ 22 ] CVE-2016-3622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622 [ 23 ] CVE-2016-3623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623 [ 24 ] CVE-2016-3624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624 [ 25 ] CVE-2016-3625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625 [ 26 ] CVE-2016-3631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631 [ 27 ] CVE-2016-3632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632 [ 28 ] CVE-2016-3633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633 [ 29 ] CVE-2016-3634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634 [ 30 ] CVE-2016-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658 [ 31 ] CVE-2016-3945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945 [ 32 ] CVE-2016-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990 [ 33 ] CVE-2016-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991 [ 34 ] CVE-2016-5102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102 [ 35 ] CVE-2016-5314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314 [ 36 ] CVE-2016-5315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315 [ 37 ] CVE-2016-5316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316 [ 38 ] CVE-2016-5317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317 [ 39 ] CVE-2016-5318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318 [ 40 ] CVE-2016-5319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319 [ 41 ] CVE-2016-5320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320 [ 42 ] CVE-2016-5321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321 [ 43 ] CVE-2016-5322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322 [ 44 ] CVE-2016-5323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323 [ 45 ] CVE-2016-5652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652 [ 46 ] CVE-2016-5875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875 [ 47 ] CVE-2016-6223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223 [ 48 ] CVE-2016-8331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331 [ 49 ] CVE-2016-9273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273 [ 50 ] CVE-2016-9297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297 [ 51 ] CVE-2016-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318 [ 52 ] CVE-2016-9448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448 [ 53 ] CVE-2016-9453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453 [ 54 ] CVE-2016-9532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--

. 6) - i386, x86_64

3

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-0061",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.66.204.442"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.1"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip aam build 685-hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.40.1.256"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.110.104.180"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0.3"
      },
      {
        "model": "big-ip aam hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.5"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "big-ip aam hf7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0.6"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.24"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.2"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.2"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8"
      },
      {
        "model": "big-ip aam hf11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.22"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.7"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.4"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.4"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.36"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.2"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.6.1"
      },
      {
        "model": "big-ip aam hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.5"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.6"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "big-ip aam hf8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.34"
      },
      {
        "model": "big-ip aam build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.01.14.628"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.2"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.26"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.3"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "big-ip aam hf3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.5.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0.4"
      },
      {
        "model": "big-ip aam hf9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.8.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.21"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.7.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.31"
      },
      {
        "model": "big-ip aam hf10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip aam hf6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.4"
      },
      {
        "model": "big-ip aam hf5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.3"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "3.9.4"
      },
      {
        "model": "libtiff",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libtiff",
        "version": "4.0.5"
      },
      {
        "model": "big-ip aam hf4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.6.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91195"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kaixiang Zhang of the Cloud Security Team, Qihoo 360",
    "sources": [
      {
        "db": "BID",
        "id": "91195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-374"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-5320",
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2016-5314.  Reason: This candidate is a reservation duplicate of CVE-2016-5314.  Notes: All CVE users should reference CVE-2016-5314 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage. libTIFF is prone to a remote code-execution  vulnerability. \nAn attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: libtiff security update\nAdvisory ID:       RHSA-2016:1546-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1546.html\nIssue date:        2016-08-02\nCVE Names:         CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 \n                   CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 \n                   CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 \n                   CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 \n                   CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 \n                   CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 \n                   CVE-2016-5320 \n=====================================================================\n\n1. Summary:\n\nAn update for libtiff is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files. \n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. (CVE-2014-9655, CVE-2015-1547,\nCVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,\nCVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,\npal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,\ntiff2rgba). By tricking a user into processing a specially crafted file, a\nremote attacker could exploit these flaws to cause a crash or memory\ncorruption and, possibly, execute arbitrary code with the privileges of the\nuser running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,\nCVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,\nCVE-2016-3945, CVE-2016-3991)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running applications linked against libtiff must be restarted for this\nupdate to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff\n1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools\n1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf\n1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool\n1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode\n1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode\n1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags\n1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff\n1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files\n1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c\n1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion\n1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()\n1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool\n1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function\n1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8()\n1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function\n1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nppc64:\nlibtiff-4.0.3-25.el7_2.ppc.rpm\nlibtiff-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc64.rpm\n\nppc64le:\nlibtiff-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc64le.rpm\n\ns390x:\nlibtiff-4.0.3-25.el7_2.s390.rpm\nlibtiff-4.0.3-25.el7_2.s390x.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm\nlibtiff-devel-4.0.3-25.el7_2.s390.rpm\nlibtiff-devel-4.0.3-25.el7_2.s390x.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-tools-4.0.3-25.el7_2.ppc64.rpm\n\nppc64le:\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-tools-4.0.3-25.el7_2.ppc64le.rpm\n\ns390x:\nlibtiff-debuginfo-4.0.3-25.el7_2.s390.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm\nlibtiff-static-4.0.3-25.el7_2.s390.rpm\nlibtiff-static-4.0.3-25.el7_2.s390x.rpm\nlibtiff-tools-4.0.3-25.el7_2.s390x.rpm\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8127\nhttps://access.redhat.com/security/cve/CVE-2014-8129\nhttps://access.redhat.com/security/cve/CVE-2014-8130\nhttps://access.redhat.com/security/cve/CVE-2014-9330\nhttps://access.redhat.com/security/cve/CVE-2014-9655\nhttps://access.redhat.com/security/cve/CVE-2015-1547\nhttps://access.redhat.com/security/cve/CVE-2015-7554\nhttps://access.redhat.com/security/cve/CVE-2015-8665\nhttps://access.redhat.com/security/cve/CVE-2015-8668\nhttps://access.redhat.com/security/cve/CVE-2015-8683\nhttps://access.redhat.com/security/cve/CVE-2015-8781\nhttps://access.redhat.com/security/cve/CVE-2015-8782\nhttps://access.redhat.com/security/cve/CVE-2015-8783\nhttps://access.redhat.com/security/cve/CVE-2015-8784\nhttps://access.redhat.com/security/cve/CVE-2016-3632\nhttps://access.redhat.com/security/cve/CVE-2016-3945\nhttps://access.redhat.com/security/cve/CVE-2016-3990\nhttps://access.redhat.com/security/cve/CVE-2016-3991\nhttps://access.redhat.com/security/cve/CVE-2016-5320\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb\nH5YX3gD3gJu8C4EadiP+wtg=\n=Z4gh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3212-1\nFebruary 27, 2017\n\ntiff vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nLibTIFF could be made to crash or run programs as your login if it opened a\nspecially crafted file. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.10:\n  libtiff-tools                   4.0.6-2ubuntu0.1\n  libtiff5                        4.0.6-2ubuntu0.1\n\nUbuntu 16.04 LTS:\n  libtiff-tools                   4.0.6-1ubuntu0.1\n  libtiff5                        4.0.6-1ubuntu0.1\n\nUbuntu 14.04 LTS:\n  libtiff-tools                   4.0.3-7ubuntu0.6\n  libtiff5                        4.0.3-7ubuntu0.6\n\nIn general, a standard system update will make all the necessary changes. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201701-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: libTIFF: Multiple vulnerabilities\n     Date: January 09, 2017\n     Bugs: #484542, #534108, #538318, #561880, #572876, #585274,\n           #585508, #599746\n       ID: 201701-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libTIFF, the worst of which\nmay allow execution of arbitrary code. It is called by numerous programs, including GNOME\nand KDE applications, to interpret TIFF images. Please review\nthe CVE identifier and bug reports referenced for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libTIFF users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=media-libs/tiff-4.0.7\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-4243\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243\n[  2 ] CVE-2014-8127\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127\n[  3 ] CVE-2014-8128\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128\n[  4 ] CVE-2014-8129\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129\n[  5 ] CVE-2014-8130\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130\n[  6 ] CVE-2014-9330\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330\n[  7 ] CVE-2014-9655\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655\n[  8 ] CVE-2015-1547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547\n[  9 ] CVE-2015-7313\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313\n[ 10 ] CVE-2015-7554\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554\n[ 11 ] CVE-2015-8665\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665\n[ 12 ] CVE-2015-8668\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668\n[ 13 ] CVE-2015-8683\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683\n[ 14 ] CVE-2015-8781\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781\n[ 15 ] CVE-2015-8782\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782\n[ 16 ] CVE-2015-8783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783\n[ 17 ] CVE-2015-8784\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784\n[ 18 ] CVE-2016-3186\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186\n[ 19 ] CVE-2016-3619\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619\n[ 20 ] CVE-2016-3620\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620\n[ 21 ] CVE-2016-3621\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621\n[ 22 ] CVE-2016-3622\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622\n[ 23 ] CVE-2016-3623\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623\n[ 24 ] CVE-2016-3624\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624\n[ 25 ] CVE-2016-3625\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625\n[ 26 ] CVE-2016-3631\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631\n[ 27 ] CVE-2016-3632\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632\n[ 28 ] CVE-2016-3633\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633\n[ 29 ] CVE-2016-3634\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634\n[ 30 ] CVE-2016-3658\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658\n[ 31 ] CVE-2016-3945\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945\n[ 32 ] CVE-2016-3990\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990\n[ 33 ] CVE-2016-3991\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991\n[ 34 ] CVE-2016-5102\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102\n[ 35 ] CVE-2016-5314\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314\n[ 36 ] CVE-2016-5315\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315\n[ 37 ] CVE-2016-5316\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316\n[ 38 ] CVE-2016-5317\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317\n[ 39 ] CVE-2016-5318\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318\n[ 40 ] CVE-2016-5319\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319\n[ 41 ] CVE-2016-5320\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320\n[ 42 ] CVE-2016-5321\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321\n[ 43 ] CVE-2016-5322\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322\n[ 44 ] CVE-2016-5323\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323\n[ 45 ] CVE-2016-5652\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652\n[ 46 ] CVE-2016-5875\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875\n[ 47 ] CVE-2016-6223\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223\n[ 48 ] CVE-2016-8331\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331\n[ 49 ] CVE-2016-9273\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273\n[ 50 ] CVE-2016-9297\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297\n[ 51 ] CVE-2016-9318\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318\n[ 52 ] CVE-2016-9448\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448\n[ 53 ] CVE-2016-9453\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453\n[ 54 ] CVE-2016-9532\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--\n\n. 6) - i386, x86_64\n\n3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5320"
      },
      {
        "db": "BID",
        "id": "91195"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5320"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "141348"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5320",
        "trust": 2.4
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/06/15/9",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-374",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "91195",
        "trust": 0.4
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-5320",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138137",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141348",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140402",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138138",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5320"
      },
      {
        "db": "BID",
        "id": "91195"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "141348"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-374"
      }
    ]
  },
  "id": "VAR-201803-0061",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44532526
  },
  "last_update_date": "2023-12-18T11:50:09.194000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Red Hat: CVE-2016-5320",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-5320"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-5320"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2016-5314: tiff: PixarLogDecode() heap-based buffer overflow",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6b131cabef5a609317c68ae5090c9c65"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-734",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-734"
      },
      {
        "title": "Ubuntu Security Notice: tiff vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3212-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-733",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-733"
      },
      {
        "title": "Debian CVElist Bug Report Logs: tiff: CVE-2016-3619: Memory corruption in DumpModeEncode triggered by crafted bmp file",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5848aa6178ee206ac15af311fe3c32ce"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2016-6223: information leak in libtiff/tif_read.c",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=636392e40beab9e64452a26653ca4339"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2016-5652: heap based buffer overflow in tiff2pdf",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=bd300194f82d5d9010b5e6506d9d2a99"
      },
      {
        "title": "Debian CVElist Bug Report Logs: tiff: CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=43d4031c9054c34276817ed76be02c53"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Multiple CVE: Remove tools dropped by upstream",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=01865b7537a1fa0ed7712a023592cae3"
      },
      {
        "title": "Debian CVElist Bug Report Logs: tiff: CVE-2016-3631: Illegal read in the cpStrips and cpTiles function",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=27b20164e6e418cc71f42ae44c132bbf"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
      },
      {
        "title": "Debian CVElist Bug Report Logs: tiff: CVE-2016-3186: buffer overflow in gif2tiff",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2979c5f6ffcc96a108a83e9f3466cceb"
      },
      {
        "title": "Debian CVElist Bug Report Logs: tiff: CVE-2016-3620: Out-of-bound read in ZIPEncode",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d17d65eec907ae5f8040bebc6fe53347"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201611-26] libtiff: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201611-26"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201611-27] lib32-libtiff: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201611-27"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5320"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://www.openwall.com/lists/oss-security/2016/06/15/9"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3632"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8668"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7554"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-5320"
      },
      {
        "trust": 0.3,
        "url": "http://www.libtiff.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346687"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2016/q2/551"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024132"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024193"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/89/sol89096577.html?sr=59127075"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8783"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9655"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8665"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3945"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8782"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5320"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9330"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3990"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1547"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3991"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8781"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8784"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8683"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8129"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9330"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3991"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8665"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8683"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3632"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3945"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8782"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8127"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8784"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8781"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-9655"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-8130"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1547"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3990"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7554"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8668"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3624"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3623"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3622"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/91195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3212-1/"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2016-5320"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-1546.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9297"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10093"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10094"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.6"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5314"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5323"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5317"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/4.0.6-2ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5316"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5322"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5321"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6223"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3658"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3212-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5652"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5875"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9273"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5315"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8331"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3625"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6223"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7313"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3990"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5319"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8127"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3619"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3634"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5321"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9655"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3633"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8782"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3632"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7554"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/201701-16"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5875"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9318"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3631"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8784"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3623"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5314"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8331"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4243"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1547"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5317"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3621"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3631"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9330"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9297"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3620"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9453"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3620"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9273"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8129"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8128"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5316"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5652"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3991"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3621"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3186"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9448"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5315"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3186"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3622"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5102"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3658"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5323"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8130"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5322"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3625"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8665"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5318"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3633"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8668"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5320"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8683"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7313"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9532"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4243"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-1547.html"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5320"
      },
      {
        "db": "BID",
        "id": "91195"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "141348"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-374"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2016-5320"
      },
      {
        "db": "BID",
        "id": "91195"
      },
      {
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "db": "PACKETSTORM",
        "id": "141348"
      },
      {
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5320"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-374"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5320"
      },
      {
        "date": "2016-06-15T00:00:00",
        "db": "BID",
        "id": "91195"
      },
      {
        "date": "2016-08-02T23:00:03",
        "db": "PACKETSTORM",
        "id": "138137"
      },
      {
        "date": "2017-02-27T16:55:00",
        "db": "PACKETSTORM",
        "id": "141348"
      },
      {
        "date": "2017-01-09T19:12:35",
        "db": "PACKETSTORM",
        "id": "140402"
      },
      {
        "date": "2016-08-02T23:00:12",
        "db": "PACKETSTORM",
        "id": "138138"
      },
      {
        "date": "2018-03-12T02:29:00.493000",
        "db": "NVD",
        "id": "CVE-2016-5320"
      },
      {
        "date": "2016-06-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-374"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-5320"
      },
      {
        "date": "2017-01-23T04:06:00",
        "db": "BID",
        "id": "91195"
      },
      {
        "date": "2023-11-07T02:33:37.393000",
        "db": "NVD",
        "id": "CVE-2016-5320"
      },
      {
        "date": "2016-06-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-374"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "91195"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Silicon Graphics LibTiff Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-374"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-374"
      }
    ],
    "trust": 0.6
  }
}