Mathias Svensson

#11165de 53,633
24.7CVSS total
Vulnerabilidades · 3
Média
1
Alta
1
Crítica
1
PT-2017-8934
9.1
2016-10-20
Libtiff · Libtiff · CVE-2016-6223
**Name of the Vulnerable Software and Affected Versions** libtiff versions prior to 4.0.7 **Description** The issue allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. This is due to a problem in the TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif read.c. **Recommendations** For versions prior to 4.0.7, update to version 4.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to files that could be used to exploit this issue until the update is applied.
PT-2016-6362
8.8
2016-06-15
Libtiff · Libtiff · CVE-2016-5314
**Name of the Vulnerable Software and Affected Versions** LibTIFF versions 4.0.6 and earlier **Description** The issue is related to a buffer overflow in the `PixarLogDecode` function, located in the tif pixarlog.c file. This buffer overflow can be triggered by a crafted TIFF image, potentially allowing remote attackers to cause a denial of service, such as an application crash. It may also have other unspecified impacts, including the possibility of overwriting function pointers, for example, the `vgetparent` function pointer with `rgb2ycbcr`. **Recommendations** For LibTIFF versions 4.0.6 and earlier, update to a version later than 4.0.6 to resolve the issue.
PT-2011-1051
6.8
2011-03-25
Debian · Tex-Common · CVE-2011-1400
**Name of the Vulnerable Software and Affected Versions** tex-common versions prior to 2.08.1 **Description** The issue concerns multiple vulnerabilities in the tex-common package of Debian GNU/Linux, potentially leading to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the default configuration of the `shell escape commands` directive in certain versions of the tex-common package may allow remote attackers to execute arbitrary code via a crafted TeX document. **Recommendations** For versions prior to 2.08.1, update to version 2.08.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `shell escape commands` directive to minimize the risk of exploitation.