Download
| Alert*
|
oval:org.secpod.oval:def:2101458
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. oval:org.secpod.oval:def:39629 The host is installed with Apple Mac OS X or Server 10.12.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted image. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:89002537 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c . - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf . - CVE-2017-9147: Fixed invalid read in the _ ... oval:org.secpod.oval:def:39718 The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-27-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... |
