Libtiff

libtiff

262 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Libtiff

libtiff

262 CVEs

CVEs (262)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-12900 2Canonical Libtiff 2Libtiff Ubuntu Linux Nov 21, 2024 Jun 26, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4bet...Show more Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.Show less
CVE-2018-10963 3Canonical DebianLibtiff 3Debian Linux LibtiffUbuntu Linux Nov 21, 2024 May 10, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability...Show more The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.Show less
CVE-2018-10801 1Libtiff 1Libtiff Nov 21, 2024 May 8, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.
CVE-2018-10779 2Canonical Libtiff 2Libtiff Ubuntu Linux Nov 21, 2024 May 7, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
CVE-2018-10126 1Libtiff 1Libtiff Nov 21, 2024 Apr 21, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.
CVE-2018-8905 4Canonical DebianLibtiff+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Mar 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVE-2016-5314 4Debian LibtiffOpensuse+1 more 5Debian Linux Enterprise LinuxLeap+2 more Nov 21, 2024 Mar 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a craft...Show more Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.Show less
CVE-2014-8130 3Apple LibtiffRedhat 9Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+6 more Nov 21, 2024 Mar 12, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that i...Show more The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.Show less
CVE-2014-8129 4Apple DebianLibtiff+1 more 8Debian Linux Enterprise Linux ServerEnterprise Linux Server Aus+5 more Nov 21, 2024 Mar 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the Bit...Show more LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.Show less
CVE-2018-7456 3Canonical DebianLibtiff 3Debian Linux LibtiffUbuntu Linux Nov 21, 2024 Feb 24, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0....Show more A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)Show less
CVE-2018-5784 3Canonical DebianLibtiff 3Debian Linux LibtiffUbuntu Linux Nov 21, 2024 Jan 19, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This...Show more In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.Show less
CVE-2018-5360 2Graphicsmagick Libtiff 2Graphicsmagick Libtiff Nov 21, 2024 Jan 14, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
CVE-2017-18013 1Libtiff 1Libtiff Nov 21, 2024 Jan 1, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVE-2017-17973 1Libtiff 1Libtiff May 13, 2026 Dec 29, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue
CVE-2017-17942 1Libtiff 1Libtiff May 13, 2026 Dec 28, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
CVE-2017-17095 1Libtiff 1Libtiff May 13, 2026 Dec 2, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted...Show more tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.Show less
CVE-2017-13727 1Libtiff 1Libtiff May 13, 2026 Aug 29, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
CVE-2017-13726 1Libtiff 1Libtiff May 13, 2026 Aug 29, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
CVE-2017-12944 1Libtiff 1Libtiff May 13, 2026 Aug 18, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the...Show more The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.Show less
CVE-2017-11613 1Libtiff 1Libtiff May 13, 2026 Jul 26, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_...Show more In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.Show less

Previous 1...567...14 Next