Search criteria
4 vulnerabilities found for tinytiff by tinytiff_project
CVE-2023-26733 (GCVE-0-2023-26733)
Vulnerability from nvd – Published: 2023-04-04 00:00 – Updated: 2025-02-13 15:45
VLAI
Summary
Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.
Severity
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF/blob/main/README.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jkriege2/TinyTIFF/issues/19"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26733",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T15:44:25.823311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T15:45:58.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF/blob/main/README.md"
},
{
"url": "https://github.com/jkriege2/TinyTIFF/issues/19"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26733",
"datePublished": "2023-04-04T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-13T15:45:58.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1560 (GCVE-0-2023-1560)
Vulnerability from nvd – Published: 2023-03-22 11:31 – Updated: 2024-11-22 17:51
VLAI
Title
TinyTIFF File tinytiffreader.c buffer overflow
Summary
A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223553 was assigned to this vulnerability.
Severity
CWE
- CWE-120 - Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.223553 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.223553 | signaturepermissions-required |
| https://github.com/10cksYiqiyinHangzhouTechnology… | related |
| https://github.com/10cksYiqiyinHangzhouTechnology… | exploit |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.223553"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.223553"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF/blob/main/id8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1560",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T17:09:06.469759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T17:51:20.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"File Handler"
],
"product": "TinyTIFF",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "10cksYiqiyinHangzhouTechnology (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223553 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in TinyTIFF 3.0.0.0 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei tinytiffreader.c der Komponente File Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-21T10:39:23.307Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.223553"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.223553"
},
{
"tags": [
"related"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF/blob/main/id8"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-22T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-04-12T18:20:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "TinyTIFF File tinytiffreader.c buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1560",
"datePublished": "2023-03-22T11:31:04.983Z",
"dateReserved": "2023-03-22T10:05:28.529Z",
"dateUpdated": "2024-11-22T17:51:20.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26733 (GCVE-0-2023-26733)
Vulnerability from cvelistv5 – Published: 2023-04-04 00:00 – Updated: 2025-02-13 15:45
VLAI
Summary
Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.
Severity
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF/blob/main/README.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jkriege2/TinyTIFF/issues/19"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26733",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T15:44:25.823311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T15:45:58.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF/blob/main/README.md"
},
{
"url": "https://github.com/jkriege2/TinyTIFF/issues/19"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26733",
"datePublished": "2023-04-04T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-13T15:45:58.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1560 (GCVE-0-2023-1560)
Vulnerability from cvelistv5 – Published: 2023-03-22 11:31 – Updated: 2024-11-22 17:51
VLAI
Title
TinyTIFF File tinytiffreader.c buffer overflow
Summary
A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223553 was assigned to this vulnerability.
Severity
CWE
- CWE-120 - Buffer Overflow
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.223553 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.223553 | signaturepermissions-required |
| https://github.com/10cksYiqiyinHangzhouTechnology… | related |
| https://github.com/10cksYiqiyinHangzhouTechnology… | exploit |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.223553"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.223553"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF/blob/main/id8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1560",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T17:09:06.469759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T17:51:20.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"File Handler"
],
"product": "TinyTIFF",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "10cksYiqiyinHangzhouTechnology (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223553 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in TinyTIFF 3.0.0.0 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei tinytiffreader.c der Komponente File Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-21T10:39:23.307Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.223553"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.223553"
},
{
"tags": [
"related"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF/blob/main/id8"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-22T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-04-12T18:20:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "TinyTIFF File tinytiffreader.c buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1560",
"datePublished": "2023-03-22T11:31:04.983Z",
"dateReserved": "2023-03-22T10:05:28.529Z",
"dateUpdated": "2024-11-22T17:51:20.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}