Total
227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9534 | 1 Libtiff | 1 Libtiff | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow." | |||||
CVE-2015-1547 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2018-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. | |||||
CVE-2015-8870 | 1 Libtiff | 1 Libtiff | 2018-01-04 | 5.8 MEDIUM | 7.4 HIGH |
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. | |||||
CVE-2015-8683 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2018-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. | |||||
CVE-2015-8665 | 1 Libtiff | 1 Libtiff | 2018-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. | |||||
CVE-2014-9330 | 1 Libtiff | 1 Libtiff | 2018-01-04 | 5.0 MEDIUM | N/A |
Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read. | |||||
CVE-2016-3622 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 4.3 MEDIUM | 6.5 MEDIUM |
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. | |||||
CVE-2016-10094 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 6.8 MEDIUM | 7.8 HIGH |
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. | |||||
CVE-2016-10270 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 6.8 MEDIUM | 7.8 HIGH |
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. | |||||
CVE-2017-5225 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL |
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. | |||||
CVE-2016-9273 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. | |||||
CVE-2016-9297 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 5.0 MEDIUM | 7.5 HIGH |
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. | |||||
CVE-2016-6223 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 6.4 MEDIUM | 9.1 CRITICAL |
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. | |||||
CVE-2016-9538 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL |
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. | |||||
CVE-2016-3624 | 1 Libtiff | 1 Libtiff | 2017-11-03 | 5.0 MEDIUM | 7.5 HIGH |
The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. | |||||
CVE-2006-3464 | 1 Libtiff | 1 Libtiff | 2017-10-10 | 7.5 HIGH | N/A |
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations". | |||||
CVE-2006-3459 | 2 Adobe, Libtiff | 2 Acrobat Reader, Libtiff | 2017-10-10 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. | |||||
CVE-2006-3460 | 1 Libtiff | 1 Libtiff | 2017-10-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize). | |||||
CVE-2006-3461 | 1 Libtiff | 1 Libtiff | 2017-10-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2006-3462 | 1 Libtiff | 1 Libtiff | 2017-10-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images. |