Filtered by vendor Libtiff
Subscribe
Total
261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8331 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
|
An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.
|
|||||
| CVE-2016-3619 | 1 Libtiff | 1 Libtiff | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
|
|||||
| CVE-2011-1167 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
|
|||||
| CVE-2012-5581 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
|
|||||
| CVE-2010-4665 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.
|
|||||
| CVE-2010-2630 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
|
|||||
| CVE-2009-5022 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
|
|||||
| CVE-2010-2481 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
|
|||||
| CVE-2010-2482 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
|
|||||
| CVE-2013-4244 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
|
|||||
| CVE-2010-2483 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.
|
|||||
| CVE-2010-2631 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
|
|||||
| CVE-2013-4232 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.
|
|||||
| CVE-2010-2065 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.
|
|||||
| CVE-2013-4231 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.
|
|||||
| CVE-2012-3401 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.
|
|||||
| CVE-2010-2443 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
|
|||||
| CVE-2012-1173 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.
|
|||||
| CVE-2012-4564 | 5 Canonical, Debian, Libtiff and 2 more | 8 Ubuntu Linux, Debian Linux, Libtiff and 5 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
|
|||||
| CVE-2010-2595 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."
|
|||||
| CVE-2013-4243 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.
|
|||||
| CVE-2010-2233 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 7.5 HIGH | N/A |
|
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."
|
|||||
| CVE-2010-2597 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.
|
|||||
| CVE-2012-2113 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2012-2088 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 7.5 HIGH | N/A |
|
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
|
|||||
| CVE-2012-4447 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.
|
|||||
| CVE-2010-2596 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."
|
|||||
| CVE-2010-3087 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2025-04-11 | 6.8 MEDIUM | N/A |
|
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.
|
|||||
| CVE-2010-2067 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
|
|||||
| CVE-2009-2285 | 1 Libtiff | 1 Libtiff | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
|
|||||
| CVE-2008-2327 | 1 Libtiff | 1 Libtiff | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
|
|||||
| CVE-2009-2347 | 1 Libtiff | 1 Libtiff | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
|
|||||
| CVE-2022-4645 | 2 Fedoraproject, Libtiff | 2 Fedora, Libtiff | 2025-04-04 | N/A | 6.8 MEDIUM |
|
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
|
|||||
| CVE-2022-48281 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-03 | N/A | 5.5 MEDIUM |
|
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
|
|||||
| CVE-2004-0804 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
|
|||||
| CVE-2006-2024 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
|
|||||
| CVE-2004-1183 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.
|
|||||
| CVE-2006-3464 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 7.5 HIGH | N/A |
|
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".
|
|||||
| CVE-2006-3459 | 2 Adobe, Libtiff | 2 Acrobat Reader, Libtiff | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
|
|||||
| CVE-2004-0929 | 2 Libtiff, Suse | 2 Libtiff, Suse Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.
|
|||||