Filtered by vendor Libtiff
Subscribe
Total
261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9403 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
|
|||||
| CVE-2016-10371 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
|
|||||
| CVE-2017-17942 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
|
|||||
| CVE-2016-10267 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.
|
|||||
| CVE-2016-9532 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
|
|||||
| CVE-2016-10268 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.
|
|||||
| CVE-2016-3945 | 2 Libtiff, Oracle | 2 Libtiff, Vm Server | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
|
|||||
| CVE-2016-3632 | 2 Libtiff, Oracle | 2 Libtiff, Vm Server | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
|
|||||
| CVE-2015-8782 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
|
|||||
| CVE-2015-8668 | 3 Libtiff, Oracle, Redhat | 6 Libtiff, Linux, Vm Server and 3 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.
|
|||||
| CVE-2016-3990 | 2 Libtiff, Oracle | 2 Libtiff, Vm Server | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
|
|||||
| CVE-2015-8683 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.
|
|||||
| CVE-2016-9537 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
|
|||||
| CVE-2016-3186 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2025-04-12 | 5.0 MEDIUM | 6.2 MEDIUM |
|
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
|
|||||
| CVE-2016-3622 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.
|
|||||
| CVE-2016-3624 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1.
|
|||||
| CVE-2016-3633 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
|
|||||
| CVE-2016-9536 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
|
|||||
| CVE-2015-8665 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
|
|||||
| CVE-2016-9538 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
|
|||||
| CVE-2016-3658 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.
|
|||||
| CVE-2015-8783 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
|
|||||
| CVE-2016-3623 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.
|
|||||
| CVE-2016-9535 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
|
|||||
| CVE-2016-9539 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
|
|||||
| CVE-2016-3631 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.
|
|||||
| CVE-2015-8870 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
|
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
|
|||||
| CVE-2015-8784 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
|
|||||
| CVE-2016-3625 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
|
|||||
| CVE-2016-3621 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
|
|||||
| CVE-2014-9330 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.
|
|||||
| CVE-2016-9540 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
|
|||||
| CVE-2016-3634 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.
|
|||||
| CVE-2015-8781 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
|
|||||
| CVE-2016-9534 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
|
|||||
| CVE-2016-9533 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
|
|||||
| CVE-2016-3620 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
|
|||||
| CVE-2015-1547 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.
|
|||||
| CVE-2016-3991 | 2 Libtiff, Oracle | 2 Libtiff, Vm Server | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
|
|||||
| CVE-2015-7554 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
|
|||||