Libtiff

libtiff

Vendor: Libtiff • 262 CVEs

CVEs (262)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-3464 1Libtiff 1Libtiff Apr 16, 2026 Aug 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an intege...Show more TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".Show less
CVE-2006-3463 1Libtiff 1Libtiff Apr 16, 2026 Aug 3, 2006 N/A· v4 N/A· v3 7.8 HIGH· v2 The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service...Show more The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.Show less
CVE-2006-3462 1Libtiff 1Libtiff Apr 16, 2026 Aug 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.
CVE-2006-3461 1Libtiff 1Libtiff Apr 16, 2026 Aug 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
CVE-2006-3460 1Libtiff 1Libtiff Apr 16, 2026 Aug 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream tha...Show more Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).Show less
CVE-2006-3459 1Libtiff 1Libtiff Apr 16, 2026 Aug 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service...Show more Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.Show less
CVE-2006-2193 1Libtiff 1Libtiff Apr 16, 2026 Jun 8, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName...Show more Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.Show less
CVE-2006-2656 1Libtiff 1Libtiff Apr 16, 2026 May 30, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scena...Show more Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.Show less
CVE-2006-2120 1Libtiff 1Libtiff Apr 16, 2026 May 1, 2006 N/A· v4 N/A· v3 2.1 LOW· v2 The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bound...Show more The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.Show less
CVE-2006-2026 1Libtiff 1Libtiff Apr 16, 2026 Apr 25, 2006 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors re...Show more Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."Show less
CVE-2006-2025 1Libtiff 1Libtiff Apr 16, 2026 Apr 25, 2006 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
CVE-2006-2024 1Libtiff 1Libtiff Apr 16, 2026 Apr 25, 2006 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certai...Show more Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.Show less
CVE-2006-0405 1Libtiff 1Libtiff Apr 16, 2026 Jan 25, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due t...Show more The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.Show less
CVE-2005-2452 1Libtiff 1Libtiff Apr 16, 2026 Aug 3, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) t...Show more libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.Show less
CVE-2005-1544 1Libtiff 1Libtiff Apr 16, 2026 May 14, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.
CVE-2004-0929 2Libtiff Suse 2Libtiff Suse Linux Apr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code vi...Show more Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.Show less
CVE-2004-0886 9Apple KdeLibtiff+6 more 13Enterprise Linux Enterprise Linux DesktopFedora Core+10 more Apr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVE-2004-1308 1Libtiff 1Libtiff Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 e...Show more Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.Show less
CVE-2004-1183 1Libtiff 1Libtiff Apr 16, 2026 Jan 6, 2005 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.
CVE-2004-0803 9Apple KdeLibtiff+6 more 13Enterprise Linux Enterprise Linux DesktopFedora Core+10 more Apr 16, 2026 Dec 23, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

Previous 1...10 11 121314 Next