Even Rouault

29 exploits Active since Nov 2016
CVE-2026-6192 WRITEUP LOW WRITEUP
uclouvain openjpeg pi.c opj_pi_initialise_encode integer overflow
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the file src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue.
CVSS 3.3
CVE-2022-0908 WRITEUP HIGH WRITEUP
Libtiff < 4.3.0 - NULL Pointer Dereference
A null source pointer passed as an argument to the memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to denial of service via a crafted TIFF file.
CVSS 7.7
CVE-2022-1354 WRITEUP MEDIUM WRITEUP
Libtiff < 4.4.0 - Out-of-Bounds Write
A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
CVSS 5.5
CVE-2022-1622 WRITEUP MEDIUM WRITEUP
Libtiff < 16.0 - Out-of-Bounds Read
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial of service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
CVSS 5.5
CVE-2022-1623 WRITEUP MEDIUM WRITEUP
Libtiff - Out-of-Bounds Read
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial of service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
CVSS 5.5
CVE-2022-3970 WRITEUP MEDIUM WRITEUP
Libtiff < 4.5.0 - Numeric Error
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
CVSS 6.3
CVE-2016-9533 WRITEUP CRITICAL WRITEUP
Libtiff - Out-of-Bounds Write
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
CVSS 9.8
CVE-2016-9534 WRITEUP CRITICAL WRITEUP
Libtiff - Memory Corruption
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
CVSS 9.8
CVE-2016-9535 WRITEUP CRITICAL WRITEUP
Libtiff - Memory Corruption
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
CVSS 9.8
CVE-2016-9536 WRITEUP CRITICAL WRITEUP
Libtiff - Out-of-Bounds Write
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
CVSS 9.8
CVE-2016-9537 WRITEUP CRITICAL WRITEUP
Libtiff - Out-of-Bounds Write
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
CVSS 9.8
CVE-2016-9538 WRITEUP CRITICAL WRITEUP
Libtiff - Integer Overflow
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
CVSS 9.8
CVE-2016-9539 WRITEUP CRITICAL WRITEUP
Libtiff - Memory Corruption
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
CVSS 9.8
CVE-2016-9540 WRITEUP CRITICAL WRITEUP
Libtiff - Out-of-Bounds Write
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
CVSS 9.8
CVE-2017-12982 WRITEUP MEDIUM WRITEUP
Uclouvain Openjpeg < 2.3.0 - Memory Corruption
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
CVSS 5.5
CVE-2017-14039 WRITEUP HIGH WRITEUP
OpenJPEG 2.2.0 - Buffer Overflow
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVSS 8.8
CVE-2017-14040 WRITEUP HIGH WRITEUP
OpenJPEG 2.2.0 - DoS
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
CVSS 8.8
CVE-2017-14041 WRITEUP HIGH WRITEUP
OpenJPEG 2.2.0 - Buffer Overflow
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVSS 8.8
CVE-2017-14151 WRITEUP HIGH WRITEUP
OpenJPEG 2.2.0 - Buffer Overflow
An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution.
CVSS 8.8
CVE-2017-14152 WRITEUP HIGH WRITEUP
OpenJPEG 2.2.0 - Buffer Overflow
A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.
CVSS 8.8
CVE-2017-14164 WRITEUP HIGH WRITEUP
OpenJPEG 2.2.0 - Heap-Based Buffer Overflow
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.
CVSS 8.8
CVE-2018-21010 WRITEUP HIGH WRITEUP
Uclouvain Openjpeg < 2.3.1 - Out-of-Bounds Write
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
CVSS 8.8
CVE-2019-17545 WRITEUP CRITICAL WRITEUP
Osgeo Gdal < 3.0.1 - Double Free
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVSS 9.8
CVE-2019-17546 WRITEUP HIGH WRITEUP
Libtiff < 4.1.0 - Integer Overflow
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
CVSS 8.8
CVE-2019-25050 WRITEUP HIGH WRITEUP
GDAL 2.4.2-3.0.4 - Buffer Overflow
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
CVSS 7.8