Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
4.81%
Published
2004-12-21
Updated
2018-10-30
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.
Max CVSS
7.5
EPSS Score
1.24%
Published
2004-11-23
Updated
2017-10-11
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
Max CVSS
5.5
EPSS Score
0.04%
Published
2001-12-31
Updated
2024-01-26
3 vulnerabilities found