Libtiff

libtiff

Vendor: Libtiff • 262 CVEs

CVEs (262)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-11335 1Libtiff 1Libtiff May 13, 2026 Jul 17, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c)....Show more There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.Show less
CVE-2017-10688 1Libtiff 1Libtiff May 13, 2026 Jun 29, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.
CVE-2014-8127 2Libtiff Opensuse 2Libtiff Opensuse May 13, 2026 Jun 26, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig fu...Show more LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.Show less
CVE-2017-9937 1Libtiff 1Libtiff May 13, 2026 Jun 26, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
CVE-2017-9936 3Canonical DebianLibtiff 3Debian Linux LibtiffUbuntu Linux May 13, 2026 Jun 26, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
CVE-2017-9935 3Canonical DebianLibtiff 3Debian Linux LibtiffUbuntu Linux May 13, 2026 Jun 26, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bo...Show more In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.Show less
CVE-2017-9815 2Canonical Libtiff 2Libtiff Ubuntu Linux May 13, 2026 Jun 22, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_un...Show more In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.Show less
CVE-2017-9404 3Canonical DebianLibtiff 3Debian Linux LibtiffUbuntu Linux May 13, 2026 Jun 2, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9403 3Canonical DebianLibtiff 3Debian Linux LibtiffUbuntu Linux May 13, 2026 Jun 2, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9147 1Libtiff 1Libtiff May 13, 2026 May 22, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
CVE-2017-9117 2Canonical Libtiff 2Libtiff Ubuntu Linux May 13, 2026 May 21, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer o...Show more In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).Show less
CVE-2016-10371 1Libtiff 1Libtiff May 13, 2026 May 10, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
CVE-2016-5322 2Debian Libtiff 2Debian Linux Libtiff May 13, 2026 Apr 11, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
CVE-2017-7602 1Libtiff 1Libtiff May 13, 2026 Apr 9, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7601 1Libtiff 1Libtiff May 13, 2026 Apr 9, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact...Show more LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.Show less
CVE-2017-7600 1Libtiff 1Libtiff May 13, 2026 Apr 9, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspec...Show more LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.Show less
CVE-2017-7599 1Libtiff 1Libtiff May 13, 2026 Apr 9, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified ot...Show more LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.Show less
CVE-2017-7598 1Libtiff 1Libtiff May 13, 2026 Apr 9, 2017 N/A· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7597 1Libtiff 1Libtiff May 13, 2026 Apr 9, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly ha...Show more tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.Show less
CVE-2017-7596 1Libtiff 1Libtiff May 13, 2026 Apr 9, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified ot...Show more LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.Show less

Previous 1...678...14 Next