exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

LibTIFF 4.0.7 _TIFFVGetField (tiffsplit) Out-Of-Bounds Read
Posted Jul 6, 2017
Authored by zhangtan

LibTIFF version 4.0.7 suffers from a _TIFFVGetField (tiffsplit) out-of-bounds read vulnerability.

tags | exploit
advisories | CVE-2017-9147
SHA-256 | 5d4e42b44d706946d69bc7503e51abb36b8953e7b1033ff9d0d190155d246500

Related Files

Secunia Security Advisory 43593
Posted Mar 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in LibTIFF, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory, vulnerability
SHA-256 | 63b064e442a6cc9f3016bd26b6f4b47c9a9e1425bf3611e59a1440117661bac8
Zero Day Initiative Advisory 11-107
Posted Mar 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-107 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of libtiff. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the ThunderDecode codec. While decoding a particular code within a row, the decoder will fail to accommodate for the total expanded size of the row. This can cause a heap-based buffer overflow which can lead to code execution under the context of the application utilizing the library.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-1167
SHA-256 | f1d4d8acff820dcd02f8053911e1e22474dd7f125e7c445b1092b25c62735990
Imagemagick 6.6.8-5 Stack Overflow
Posted Mar 21, 2011
Authored by zgmzgm

Imagemagick version 6.6.8-5 with Libtiff version 6.9.4 appears to suffer from a buffer overflow vulnerability. Proof of concept .tif enclosed.

tags | exploit, overflow, proof of concept
systems | linux
SHA-256 | 89d1bd335b330f97e026b62da3a2f55786503c0641f0c62ef60030e8fce38301
Secunia Security Advisory 43810
Posted Mar 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | 2d266f58e1300680d68ba75ea49004356d6537b64272607b82d0de03befc4a99
Secunia Security Advisory 43664
Posted Mar 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory
systems | linux, fedora
SHA-256 | a837326c4a5d47fb39a265f9595414cef0dd43da3ed3a9a1170c85fe79440a69
Mandriva Linux Security Advisory 2011-043
Posted Mar 8, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-043 - A buffer overflow was discovered in libtiff which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with CCITT Group 4 encoding.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-0192, CVE-2009-2347, CVE-2010-2065
SHA-256 | a30c069b2a4cc6efb9588b6a66dfd73bfd71758866bd0849dc058e1257a3f581
Adobe Flash Player "Button" Remote Code Execution
Posted Nov 3, 2010
Authored by Haifei Li, jduck | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2010-3654
SHA-256 | adf90d0fda6f2de7394643377e0f4d300f5445c02e7d2a421ba4dc2768385036
Mandriva Linux Security Advisory 2010-190
Posted Sep 30, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-190 - libtiff allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2010-3087
SHA-256 | cc534c77c37d6a0d4869d969ac19c118a8a3fe84d2691705b7aefc53901cc8a5
Mandriva Linux Security Advisory 2010-146
Posted Aug 6, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-146 - The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service via a crafted TIFF image that triggers an array index error, related to downsampled OJPEG input. Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF file that triggers a heap-based buffer overflow. Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to downsampled OJPEG input and possibly related to a compiler optimization that triggers a divide-by-zero error. The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to downsampled OJPEG input. LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service via a crafted TIFF file, a different vulnerability than CVE-2010-2443. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2595, CVE-2010-1411, CVE-2010-2065, CVE-2010-2483, CVE-2010-2597, CVE-2010-2481, CVE-2010-2067, CVE-2010-2233, CVE-2010-2482
SHA-256 | 97281473d38a1c17020486c8ef8d34328b374f039467458966916cddef933680
Mandriva Linux Security Advisory 2010-145
Posted Aug 6, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-145 - The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service via a crafted TIFF image that triggers an array index error, related to downsampled OJPEG input. Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF file that triggers a heap-based buffer overflow. Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to downsampled OJPEG input and possibly related to a compiler optimization that triggers a divide-by-zero error. The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2595, CVE-2010-1411, CVE-2010-2065, CVE-2010-2483, CVE-2010-2597, CVE-2010-2481
SHA-256 | 25f14ded470d4ea2318841b1889fdb846d07a7f1783d57bb25b0010d9d997aa0
Secunia Security Advisory 40527
Posted Jul 9, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | 776b76af98bfd7568e4ab4e4915d470ea60d54d0476efab2ec5ea8d8bfbad666
Secunia Security Advisory 40536
Posted Jul 9, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | 0a1f976fbe6118dd6d168388cae6bcaeb4d7487f505713fcd37853cddbb06e96
Secunia Security Advisory 40478
Posted Jul 7, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mingw32-libtiff. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, fedora
SHA-256 | de1b8811e5756ce2ddf31c2f33cb6d8560907e4f1c135c87aceca2a68492f507
Secunia Security Advisory 40406
Posted Jul 2, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for libtiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, fedora
SHA-256 | a7c0adefcc1288a31b5fc83b96b6021437bed53f50e24fb045d5e4488911ef88
Secunia Security Advisory 40422
Posted Jul 2, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in LibTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 00bc8ebc9365c3885f39015831ab8a46fbb1cc241911a1c229ec0a724f3442bd
Secunia Security Advisory 40381
Posted Jun 30, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Slackware has issued an update for libtiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, slackware
SHA-256 | b876be3143a0c52e7620f274c6b9ed0fe8ff9220af5979fd0634247b81643ece
iDEFENSE Security Advisory 2010-06-21.1
Posted Jun 29, 2010
Authored by iDefense Labs, Dan Rosenberg | Site idefense.com

iDefense Security Advisory 06.21.10 - Remote exploitation of a stack buffer overflow vulnerability in version 3.9.2 of LibTIFF, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is due to insufficient bounds checking when copying data into a stack allocated buffer. During the processing of a certain EXIF tag a fixed sized stack buffer is used as a destination location for a memory copy. This memory copy can cause the bounds of a stack buffer to be overflown and this condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in version 3.9.2 of libTIFF. Previous versions are not affected.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2010-2067
SHA-256 | 014d43587d44901b7350126457fa46e3ddd7be36fcae7a02d6977373e2a71713
Secunia Security Advisory 40241
Posted Jun 28, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | e2e95ff66a0696a01824f7599ff5affeb2fa4e465a4e0607fba4bf849e465fe6
Secunia Security Advisory 40366
Posted Jun 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, fedora
SHA-256 | a8ecc34b9cc0cf8f61738d579e9f0532b8005c79f9a644a0e0200f13bda60e82
Secunia Security Advisory 40181
Posted Jun 24, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in LibTIFF, which can potentially be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
SHA-256 | 218a47642b40a465e9d8915724b420da80c6ef532060cc4a7f85664a24130a2f
Adobe Flash Player newfunction Invalid Pointer Use
Posted Jun 15, 2010
Site metasploit.com

This Metasploit module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2010-1297
SHA-256 | 71ccaf27795a2d55817a54366b9579a0f716c0eac2bba96dd2737900840223ae
Adobe Flash Player newfucntion Invalid Pointer Use
Posted Jun 15, 2010
Site metasploit.com

This Metasploit module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2010-1297
SHA-256 | e02f5ac92e82f00a79b8fe5ef61a301064717212d5c369c5e7ac2e797ab4e3bd
Adobe PDF LibTiff Integer Overflow
Posted Mar 13, 2010
Authored by villy

Adobe PDF LibTiff integer overflow code execution exploit that affects versions 8.3.0 and below and 9.3.0 and below.

tags | exploit, overflow, code execution
advisories | CVE-2010-0188
SHA-256 | 076c3cc941c8d0cafbb3478028a2e0b84834a5f95d7095704791d4b35d1d31f5
Mandriva Linux Security Advisory 2009-169
Posted Dec 4, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2285, CVE-2009-2347
SHA-256 | 45d95127402793a3fd0da4d97ff4af68efb1a762e184604e26b562f4cf3e42a6
Secunia Security Advisory 36831
Posted Sep 23, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the libtiff library.

tags | advisory, denial of service
systems | solaris
SHA-256 | ce2698b7f7792c8224b332b614f0241655f0ff95b6a801de3fb01bc09c9afb43
Page 2 of 4
Back1234Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close