MidnightBSD

Advisories for remotesensing

CVE-2013-1960 HIGH

Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
remotesensing libtiff 4.0.2
remotesensing libtiff 3.5.3
remotesensing libtiff 3.5.1
remotesensing libtiff 3.7.1
remotesensing libtiff 3.9.2
remotesensing libtiff 3.5.7
remotesensing libtiff 3.9.3
remotesensing libtiff 3.5.2
remotesensing libtiff 4.0.1
remotesensing libtiff 3.5.6
remotesensing libtiff 3.7.3
remotesensing libtiff 3.8.1
remotesensing libtiff 3.8.2
remotesensing libtiff 3.6.1
remotesensing libtiff 3.7.0
remotesensing libtiff 3.9.0
remotesensing libtiff 3.9.1
remotesensing libtiff 3.9.4
remotesensing libtiff 3.5.5
remotesensing libtiff 3.8.0
remotesensing libtiff 3.7.2
remotesensing libtiff 3.4
remotesensing libtiff 3.5.4
remotesensing libtiff 3.6.0
remotesensing libtiff 3.7.4
remotesensing libtiff *
remotesensing libtiff 4.0.0
CVE-2013-1961 HIGH

Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
remotesensing libtiff 4.0.2
remotesensing libtiff 3.5.3
remotesensing libtiff 3.5.1
remotesensing libtiff 3.7.1
remotesensing libtiff 3.9.2
remotesensing libtiff 3.5.7
remotesensing libtiff 3.9.3
remotesensing libtiff 3.5.2
remotesensing libtiff 4.0.1
remotesensing libtiff 3.5.6
remotesensing libtiff 3.7.3
remotesensing libtiff 3.8.1
remotesensing libtiff 3.8.2
remotesensing libtiff 3.6.1
remotesensing libtiff 3.7.0
remotesensing libtiff 3.9.0
remotesensing libtiff 3.9.1
remotesensing libtiff 3.9.4
remotesensing libtiff 3.5.5
remotesensing libtiff 3.8.0
remotesensing libtiff 3.7.2
remotesensing libtiff 3.4
remotesensing libtiff 3.5.4
remotesensing libtiff 3.6.0
remotesensing libtiff 3.7.4
remotesensing libtiff *
remotesensing libtiff 4.0.0
CVE-2014-9655 MEDIUM

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
remotesensing libtiff *