Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-3463 |
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop. Published: August 02, 2006; 9:04:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2006-3464 |
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations". Published: August 02, 2006; 9:04:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-3465 |
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors. Published: August 02, 2006; 9:04:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-2193 |
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. Published: June 08, 2006; 3:06:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-2656 |
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. Published: May 30, 2006; 2:02:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-2024 |
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c. Published: April 25, 2006; 7:02:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2006-2025 |
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. Published: April 25, 2006; 7:02:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2006-2026 |
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." Published: April 25, 2006; 7:02:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2005-1544 |
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Published: May 14, 2005; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0886 |
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. Published: January 27, 2005; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-1308 |
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow. Published: January 10, 2005; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2004-1183 |
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file. Published: January 06, 2005; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2004-0803 |
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. Published: December 23, 2004; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-1307 |
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. Published: December 21, 2004; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0804 |
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452. Published: November 03, 2004; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |