MidnightBSD

Advisories for libtiff

CVE-2004-0803 HIGH

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apple mac_os_x_server 10.2.7
apple mac_os_x_server 10.3
apple mac_os_x 10.3.5
apple mac_os_x_server 10.2.4
apple mac_os_x 10.3.4
apple mac_os_x_server 10.2.8
apple mac_os_x 10.2.7
kde kde 3.3.1
kde kde 3.2.2
apple mac_os_x 10.2.5
apple mac_os_x_server 10.2.1
apple mac_os_x_server 10.2
libtiff libtiff 3.6.0
trustix secure_linux 2.0
apple mac_os_x 10.3
apple mac_os_x 10.3.6
suse suse_linux 9.1
apple mac_os_x_server 10.2.2
apple mac_os_x_server 10.3.3
apple mac_os_x_server 10.3.6
redhat fedora_core core_2.0
kde kde 3.3
libtiff libtiff 3.5.1
apple mac_os_x_server 10.2.5
apple mac_os_x_server 10.2.6
kde kde 3.2.1
suse suse_linux 9.0
apple mac_os_x 10.2.1
kde kde 3.2.3
mandrakesoft mandrake_linux 10.0
apple mac_os_x 10.2.3
kde kde 3.2
libtiff libtiff 3.5.5
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
suse suse_linux 8
libtiff libtiff 3.6.1
trustix secure_linux 2.1
apple mac_os_x 10.3.2
apple mac_os_x 10.3.3
pdflib pdf_library 5.0.2
apple mac_os_x 10.3.1
redhat enterprise_linux_desktop 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux 2.1
redhat linux_advanced_workstation 2.1
suse suse_linux 1.0
apple mac_os_x_server 10.3.2
apple mac_os_x 10.2.6
apple mac_os_x_server 10.2.3
libtiff libtiff 3.5.3
suse suse_linux 8.2
apple mac_os_x 10.2.4
wxgtk2 wxgtk2 2.5_.0
suse suse_linux 8.1
trustix secure_linux 1.5
libtiff libtiff 3.5.2
apple mac_os_x_server 10.3.5
apple mac_os_x 10.2.8
apple mac_os_x_server 10.3.1
apple mac_os_x_server 10.3.4
apple mac_os_x 10.2
libtiff libtiff 3.4
apple mac_os_x 10.2.2
CVE-2004-0804 MEDIUM

Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2004-0886 MEDIUM

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apple mac_os_x_server 10.2.7
apple mac_os_x_server 10.3
apple mac_os_x 10.3.5
apple mac_os_x_server 10.2.4
apple mac_os_x 10.3.4
apple mac_os_x_server 10.2.8
apple mac_os_x 10.2.7
kde kde 3.3.1
kde kde 3.2.2
apple mac_os_x 10.2.5
apple mac_os_x_server 10.2.1
apple mac_os_x_server 10.2
libtiff libtiff 3.6.0
trustix secure_linux 2.0
apple mac_os_x 10.3
apple mac_os_x 10.3.6
suse suse_linux 9.1
apple mac_os_x_server 10.2.2
apple mac_os_x_server 10.3.3
apple mac_os_x_server 10.3.6
redhat fedora_core core_2.0
kde kde 3.3
libtiff libtiff 3.5.1
apple mac_os_x_server 10.2.5
apple mac_os_x_server 10.2.6
kde kde 3.2.1
suse suse_linux 9.0
apple mac_os_x 10.2.1
kde kde 3.2.3
mandrakesoft mandrake_linux 10.0
apple mac_os_x 10.2.3
kde kde 3.2
libtiff libtiff 3.5.5
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
suse suse_linux 8
libtiff libtiff 3.6.1
trustix secure_linux 2.1
apple mac_os_x 10.3.2
apple mac_os_x 10.3.3
wxgtk2 wxgtk2 *
pdflib pdf_library 5.0.2
apple mac_os_x 10.3.1
redhat enterprise_linux_desktop 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux 2.1
redhat linux_advanced_workstation 2.1
suse suse_linux 1.0
apple mac_os_x_server 10.3.2
apple mac_os_x 10.2.6
apple mac_os_x_server 10.2.3
libtiff libtiff 3.5.3
suse suse_linux 8.2
apple mac_os_x 10.2.4
wxgtk2 wxgtk2 2.5_.0
suse suse_linux 8.1
trustix secure_linux 1.5
libtiff libtiff 3.5.2
apple mac_os_x_server 10.3.5
apple mac_os_x 10.2.8
apple mac_os_x_server 10.3.1
apple mac_os_x_server 10.3.4
apple mac_os_x 10.2
libtiff libtiff 3.4
apple mac_os_x 10.2.2
CVE-2004-0929 HIGH

Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 9.1
suse suse_linux 8.2
suse suse_linux 1.0
suse suse_linux 8.1
suse suse_linux 9.0
suse suse_linux 8
libtiff libtiff 3.6.1
CVE-2004-1183 MEDIUM

Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff 3.6.1
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.5.6
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
CVE-2004-1307 HIGH

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apple mac_os_x_server 10.3
apple mac_os_x_server 10.3.7
apple mac_os_x 10.3.5
apple mac_os_x 10.3.4
mandrakesoft mandrake_linux 10.1
avaya call_management_system_server 12.0
avaya call_management_system_server 8.0
conectiva linux 10.0
f5 icontrol_service_manager 1.3.6
sun solaris 9.0
mandrakesoft mandrake_linux_corporate_server 3.0
apple mac_os_x 10.3.7
gentoo linux *
avaya interactive_response 1.2.1
sun solaris 10.0
avaya modular_messaging_message_storage_server 1.1
f5 icontrol_service_manager 1.3.4
avaya call_management_system_server 13.0
libtiff libtiff 3.6.0
apple mac_os_x 10.3
apple mac_os_x 10.3.6
avaya call_management_system_server 11.0
apple mac_os_x_server 10.3.3
apple mac_os_x_server 10.3.6
libtiff libtiff 3.5.1
sun sunos 5.7
apple mac_os_x_server 10.3.8
mandrakesoft mandrake_linux 10.0
avaya integrated_management *
libtiff libtiff 3.5.5
conectiva linux 9.0
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
avaya intuity_audix_lx *
libtiff libtiff 3.6.1
apple mac_os_x_server 10.3.9
apple mac_os_x 10.3.2
apple mac_os_x 10.3.3
apple mac_os_x 10.3.9
apple mac_os_x 10.3.1
sco unixware 7.1.4
avaya cvlan *
f5 icontrol_service_manager 1.3.5
apple mac_os_x_server 10.3.2
libtiff libtiff 3.5.3
f5 icontrol_service_manager 1.3
sun solaris 8.0
sun sunos 5.8
avaya interactive_response *
avaya call_management_system_server 9.0
libtiff libtiff 3.5.2
apple mac_os_x_server 10.3.5
libtiff libtiff 3.7.0
avaya mn100 *
sun solaris 7.0
apple mac_os_x_server 10.3.1
apple mac_os_x_server 10.3.4
avaya modular_messaging_message_storage_server 2.0
avaya interactive_response 1.3
libtiff libtiff 3.4
sgi propack 3.0
apple mac_os_x 10.3.8
CVE-2004-1308 HIGH

Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.7.0
libtiff libtiff 3.5.5
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.5.1
libtiff libtiff 3.6.0
libtiff libtiff 3.4
libtiff libtiff 3.6.1
libtiff libtiff 3.5.3
libtiff libtiff 3.5.2
CVE-2005-1544 HIGH

Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff 3.6.1
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.5.6
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
CVE-2005-2452 MEDIUM

libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.5.5
libtiff libtiff 3.5.7
libtiff libtiff 3.6.1
CVE-2006-0405 MEDIUM

The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.0
CVE-2006-2024 MEDIUM

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff *
libtiff libtiff 3.6.1
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.5.6
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
CVE-2006-2025 MEDIUM

Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff *
libtiff libtiff 3.6.1
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.5.6
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
CVE-2006-2026 MEDIUM

Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff *
libtiff libtiff 3.6.1
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.5.6
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
CVE-2006-2120 LOW

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
CVE-2006-2193 HIGH

Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff *
libtiff libtiff 3.6.1
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
CVE-2006-2656 HIGH

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff *
libtiff libtiff 3.6.1
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
CVE-2009-5022 MEDIUM

Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff *
libtiff libtiff 3.6.1
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.9.3
libtiff libtiff 3.6.0
libtiff libtiff 3.7.3
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.9.2
CVE-2010-2065 MEDIUM

Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff 3.6.0
libtiff libtiff *
libtiff libtiff 3.7.3
libtiff libtiff 3.6.1
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
CVE-2010-2067 MEDIUM

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 6.06
canonical ubuntu_linux 10.04
libtiff libtiff *
canonical ubuntu_linux 8.04
canonical ubuntu_linux 9.04
canonical ubuntu_linux 9.10
CVE-2010-2233 HIGH

tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 3.9.0
libtiff libtiff 3.9.2
CVE-2010-2443 MEDIUM

The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff 3.6.0
libtiff libtiff *
libtiff libtiff 3.7.3
libtiff libtiff 3.6.1
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
CVE-2010-2481 MEDIUM

The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff 3.6.0
libtiff libtiff *
libtiff libtiff 3.7.3
libtiff libtiff 3.6.1
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2
CVE-2010-2482 MEDIUM

LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.9.3
libtiff libtiff 3.7.4
libtiff libtiff 3.6.0
libtiff libtiff *
libtiff libtiff 3.7.3
libtiff libtiff 3.6.1
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2
CVE-2010-2483 MEDIUM

The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.9.0
CVE-2010-2595 MEDIUM

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 3.9.0
libtiff libtiff 3.9.2
CVE-2010-2596 MEDIUM

The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 3.9.0
libtiff libtiff 3.9.2
CVE-2010-2597 MEDIUM

The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 3.9.0
libtiff libtiff 3.9.2
CVE-2010-2630 MEDIUM

The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 3.9.0
CVE-2010-2631 MEDIUM

LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 3.9.0
CVE-2010-3087 MEDIUM

LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 11.3
libtiff libtiff 3.9.2-5.2.1
CVE-2010-4665 MEDIUM

Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff *
libtiff libtiff 3.6.1
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.9.3
libtiff libtiff 3.6.0
libtiff libtiff 3.7.3
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.9.2
CVE-2011-1167 MEDIUM

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff *
libtiff libtiff 3.6.1
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.9.3
libtiff libtiff 3.6.0
libtiff libtiff 3.7.3
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.9.2
CVE-2012-1173 MEDIUM

Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libtiff libtiff 3.9.4
CVE-2012-2088 HIGH

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff *
libtiff libtiff 3.6.1
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.9.3
libtiff libtiff 3.6.0
libtiff libtiff 3.7.3
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.9.2
CVE-2012-2113 MEDIUM

Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff *
libtiff libtiff 4.0
libtiff libtiff 3.6.1
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.9.3
libtiff libtiff 3.9.5
libtiff libtiff 3.6.0
libtiff libtiff 3.7.3
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.9.4
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.9.2
CVE-2012-3401 MEDIUM

The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff *
libtiff libtiff 4.0
libtiff libtiff 3.6.1
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 4.0.1
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.9.3
libtiff libtiff 3.6.0
libtiff libtiff 3.7.3
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.9.4
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.9.2
CVE-2012-4447 MEDIUM

Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff *
libtiff libtiff 4.0
libtiff libtiff 3.6.1
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 4.0.1
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.9.3
libtiff libtiff 3.9.5
libtiff libtiff 3.6.0
libtiff libtiff 3.7.3
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.9.4
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.9.2
CVE-2012-4564 MEDIUM

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
libtiff libtiff *
canonical ubuntu_linux 8.04
debian debian_linux 6.0
redhat enterprise_linux_workstation 5.0
canonical ubuntu_linux 11.10
debian debian_linux 7.0
opensuse opensuse 11.4
canonical ubuntu_linux 12.04
redhat enterprise_linux_eus 6.3
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_server 5.0
canonical ubuntu_linux 10.04
redhat enterprise_linux_workstation 6.0
CVE-2012-5581 MEDIUM

Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff *
libtiff libtiff 4.0
libtiff libtiff 3.6.1
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.9.3
libtiff libtiff 3.9.5
libtiff libtiff 3.6.0
libtiff libtiff 3.7.3
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.9.4
libtiff libtiff 3.5.1
libtiff libtiff 3.4
libtiff libtiff 3.9.2
CVE-2013-4231 MEDIUM

Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff *
libtiff libtiff 4.0
libtiff libtiff 4.0.1
CVE-2013-4232 MEDIUM

Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.3
debian debian_linux 6.0
debian debian_linux 7.0
CVE-2013-4243 MEDIUM

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff *
libtiff libtiff 4.0
debian debian_linux 7.0
libtiff libtiff 3.6.1
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 4.0.1
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.9.3
libtiff libtiff 3.9.5
libtiff libtiff 3.6.0
debian debian_linux 6.0
libtiff libtiff 3.7.3
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.9.4
libtiff libtiff 3.5.1
libtiff libtiff 4.0.2
libtiff libtiff 3.4
libtiff libtiff 3.9.2
CVE-2013-4244 MEDIUM

The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.1
libtiff libtiff 3.9.0
libtiff libtiff 3.5.5
libtiff libtiff 3.7.1
libtiff libtiff 3.5.4
libtiff libtiff 3.5.7
libtiff libtiff 3.7.4
libtiff libtiff *
libtiff libtiff 4.0
libtiff libtiff 3.6.1
libtiff libtiff 3.8.2
libtiff libtiff 3.9.1
libtiff libtiff 4.0.1
libtiff libtiff 3.5.3
libtiff libtiff 3.9.2-5.2.1
libtiff libtiff 3.9.3
libtiff libtiff 3.9.5
libtiff libtiff 3.6.0
libtiff libtiff 3.7.3
libtiff libtiff 3.7.2
libtiff libtiff 3.5.2
libtiff libtiff 3.7.0
libtiff libtiff 3.9
libtiff libtiff 3.5.6
libtiff libtiff 3.8.0
libtiff libtiff 3.9.4
libtiff libtiff 3.5.1
libtiff libtiff 4.0.2
libtiff libtiff 3.4
libtiff libtiff 3.9.2
CVE-2014-8127 MEDIUM

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.3
opensuse opensuse 13.1
opensuse opensuse 13.2
CVE-2014-8128 MEDIUM

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2014-8129 MEDIUM

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.3
apple mac_os_x 10.10.3
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server 6.0
apple iphone_os -
apple mac_os_x 10.9.5
redhat enterprise_linux_server_aus 7.3
apple mac_os_x 10.8.5
apple mac_os_x 10.10.0
debian debian_linux 7.0
apple mac_os_x 10.10.1
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_eus 7.3
apple mac_os_x 10.10.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.4
CVE-2014-8130 MEDIUM

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.3
apple mac_os_x 10.10.3
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
apple mac_os_x 10.9.5
redhat enterprise_linux_server_aus 7.3
apple mac_os_x 10.8.5
apple mac_os_x 10.10.0
apple mac_os_x 10.10.1
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_workstation 6.0
apple mac_os_x 10.10.2
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_tus 7.3
apple iphone_os *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.4
CVE-2014-9330 MEDIUM

Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.3
CVE-2015-1547 MEDIUM

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libtiff libtiff *
debian debian_linux 7.0
CVE-2015-7313 MEDIUM

LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
libtiff libtiff -
libtiff libtiff *
CVE-2015-7554 HIGH

The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2015-8665 MEDIUM

tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2015-8668 HIGH

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 7.0
oracle linux 6
oracle linux 7
oracle vm_server 3.3
redhat enterprise_linux_desktop 6.0
oracle vm_server 3.4
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux 7.0
libtiff libtiff *
redhat enterprise_linux 6.0
CVE-2015-8683 MEDIUM

The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libtiff libtiff 4.0.6
debian debian_linux 7.0
CVE-2015-8781 MEDIUM

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libtiff libtiff *
debian debian_linux 7.0
CVE-2015-8782 MEDIUM

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libtiff libtiff *
debian debian_linux 7.0
CVE-2015-8783 MEDIUM

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libtiff libtiff *
debian debian_linux 7.0
CVE-2015-8784 MEDIUM

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libtiff libtiff *
debian debian_linux 7.0
CVE-2015-8870 MEDIUM

Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-190,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-10092 MEDIUM

Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10093 MEDIUM

Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-190,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10094 MEDIUM

Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10095 MEDIUM

Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10266 MEDIUM

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10267 MEDIUM

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10268 MEDIUM

tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10269 MEDIUM

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10270 MEDIUM

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10271 MEDIUM

tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10272 MEDIUM

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2016-10371 MEDIUM

The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-3186 MEDIUM

Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
libtiff libtiff 4.0.6
CVE-2016-3619 MEDIUM

The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-3620 MEDIUM

The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-3621 MEDIUM

The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-3622 MEDIUM

The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-3623 MEDIUM

The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
libtiff libtiff *
CVE-2016-3624 MEDIUM

The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-3625 MEDIUM

tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-3631 MEDIUM

The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-3632 MEDIUM

The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
oracle vm_server 3.3
oracle vm_server 3.4
libtiff libtiff *
CVE-2016-3633 MEDIUM

The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-3634 MEDIUM

The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-3658 MEDIUM

The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-3945 MEDIUM

Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
oracle vm_server 3.3
oracle vm_server 3.4
libtiff libtiff *
CVE-2016-3990 MEDIUM

Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
oracle vm_server 3.3
oracle vm_server 3.4
libtiff libtiff *
CVE-2016-3991 MEDIUM

Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
oracle vm_server 3.3
oracle vm_server 3.4
libtiff libtiff *
CVE-2016-5102 MEDIUM

Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-5314 MEDIUM

Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
opensuse opensuse 13.2
redhat enterprise_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
opensuse leap 42.1
libtiff libtiff *
redhat enterprise_linux 6.0
CVE-2016-5315 MEDIUM

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libtiff libtiff *
CVE-2016-5316 MEDIUM

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
opensuse opensuse 13.2
libtiff libtiff *
opensuse_project leap 42.1
CVE-2016-5317 MEDIUM

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
opensuse opensuse 13.2
libtiff libtiff 4.0.6
opensuse_project leap 42.1
CVE-2016-5318 MEDIUM

Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-5319 MEDIUM

Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-5321 MEDIUM

The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
libtiff libtiff *
CVE-2016-5322 MEDIUM

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
libtiff libtiff *
CVE-2016-5323 MEDIUM

The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
libtiff libtiff *
CVE-2016-5652 MEDIUM

An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-6223 MEDIUM

The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2016-8331 MEDIUM

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-9273 MEDIUM

tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-9297 MEDIUM

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-9448 MEDIUM

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
libtiff libtiff 4.0.6
CVE-2016-9453 MEDIUM

The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
debian debian_linux 8.0
debian debian_linux 9.0
libtiff libtiff *
CVE-2016-9532 MEDIUM

Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libtiff libtiff *
CVE-2016-9533 HIGH

tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-9534 HIGH

tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-9535 HIGH

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-9536 HIGH

tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-9537 HIGH

tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-9538 HIGH

tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-9539 HIGH

tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2016-9540 HIGH

tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.6
CVE-2017-10688 MEDIUM

In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.8
CVE-2017-11335 MEDIUM

There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.8
CVE-2017-11613 MEDIUM

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.8
CVE-2017-12944 MEDIUM

The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.8
CVE-2017-13726 MEDIUM

There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.8
CVE-2017-13727 MEDIUM

There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.8
CVE-2017-16232 MEDIUM

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
suse linux_enterprise_server 12
libtiff libtiff 4.0.8
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 12
opensuse leap 42.3
opensuse leap 42.2
CVE-2017-17095 MEDIUM

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.9
CVE-2017-17942 MEDIUM

In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.9
CVE-2017-17973 MEDIUM

In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.8
CVE-2017-18013 MEDIUM

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.9
CVE-2017-5225 HIGH

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-122,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-5563 MEDIUM

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7592 MEDIUM

The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7593 MEDIUM

tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7594 MEDIUM

The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7595 MEDIUM

The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7596 MEDIUM

LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7597 MEDIUM

tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7598 MEDIUM

tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7599 MEDIUM

LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7600 MEDIUM

LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7601 MEDIUM

LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-7602 MEDIUM

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-9117 HIGH

In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.10
libtiff libtiff 4.0.7
CVE-2017-9147 MEDIUM

LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2017-9403 MEDIUM

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0
canonical ubuntu_linux 14.04
libtiff libtiff 4.0.7
CVE-2017-9404 MEDIUM

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0
canonical ubuntu_linux 14.04
libtiff libtiff 4.0.7
CVE-2017-9815 MEDIUM

In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
libtiff libtiff 4.0.7
CVE-2017-9935 MEDIUM

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
libtiff libtiff *
debian debian_linux 7.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.10
CVE-2017-9936 MEDIUM

In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.8
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0
canonical ubuntu_linux 14.04
CVE-2017-9937 MEDIUM

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2018-10126 MEDIUM

ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.9
CVE-2018-10779 MEDIUM

TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
libtiff libtiff 3.8.2
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
CVE-2018-10801 MEDIUM

TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
libtiff libtiff 3.8.2
CVE-2018-10963 MEDIUM

The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
libtiff libtiff *
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
CVE-2018-12900 MEDIUM

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
libtiff libtiff 4.0.9
canonical ubuntu_linux 14.04
CVE-2018-15209 MEDIUM

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libtiff libtiff 4.0.9
CVE-2018-16335 MEDIUM

newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
libtiff libtiff 4.0.9
CVE-2018-17000 MEDIUM

A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
libtiff libtiff 4.0.9
canonical ubuntu_linux 14.04
CVE-2018-17100 MEDIUM

An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
libtiff libtiff 4.0.9
canonical ubuntu_linux 14.04
CVE-2018-17101 MEDIUM

An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
libtiff libtiff 4.0.9
canonical ubuntu_linux 14.04
CVE-2018-17795 MEDIUM

The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
libtiff libtiff 4.0.9
CVE-2018-18557 MEDIUM

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
libtiff libtiff 4.0.9
canonical ubuntu_linux 14.04
CVE-2018-18661 MEDIUM

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
libtiff libtiff 4.0.9
canonical ubuntu_linux 14.04
CVE-2018-19210 MEDIUM

In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
libtiff libtiff 4.0.9
canonical ubuntu_linux 14.04
CVE-2018-5360 MEDIUM

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
graphicsmagick graphicsmagick 1.3.27
libtiff libtiff *
CVE-2018-5784 MEDIUM

In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 7.0
libtiff libtiff 4.0.9
canonical ubuntu_linux 14.04
canonical ubuntu_linux 17.10
CVE-2018-7456 MEDIUM

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 18.10
debian debian_linux 7.0
canonical ubuntu_linux 18.04
libtiff libtiff 4.0.9
canonical ubuntu_linux 14.04
CVE-2018-8905 MEDIUM

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_desktop 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 18.10
debian debian_linux 7.0
canonical ubuntu_linux 18.04
libtiff libtiff 4.0.9
canonical ubuntu_linux 14.04
CVE-2019-14973 MEDIUM

_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 31
debian debian_linux 8.0
debian debian_linux 9.0
libtiff libtiff *
debian debian_linux 10.0
fedoraproject fedora 30
opensuse leap 15.2
CVE-2019-17546 MEDIUM

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
libtiff libtiff *
osgeo gdal *
CVE-2019-6128 MEDIUM

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
opensuse leap 15.0
canonical ubuntu_linux 16.04
libtiff libtiff 4.0.10
debian debian_linux 8.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
CVE-2019-7663 MEDIUM

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opensuse leap 15.0
canonical ubuntu_linux 16.04
libtiff libtiff 4.0.10
debian debian_linux 8.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
CVE-2020-18768

There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libtiff libtiff 4.0.10
CVE-2020-35521 MEDIUM

A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 33
redhat enterprise_linux 7.0
libtiff libtiff *
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
CVE-2020-35522 MEDIUM

In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
fedoraproject fedora 33
redhat enterprise_linux 7.0
libtiff libtiff *
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
CVE-2020-35523 MEDIUM

An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
debian debian_linux 9.0
libtiff libtiff *
debian debian_linux 10.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
CVE-2020-35524 MEDIUM

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 33
redhat enterprise_linux 7.0
debian debian_linux 9.0
libtiff libtiff *
debian debian_linux 10.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
CVE-2022-0561 MEDIUM

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 11.0
debian debian_linux 9.0
libtiff libtiff *
debian debian_linux 10.0
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
CVE-2022-0562 MEDIUM

Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 11.0
debian debian_linux 9.0
libtiff libtiff *
debian debian_linux 10.0
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
CVE-2022-0865 MEDIUM

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 11.0
libtiff libtiff 4.3.0
fedoraproject fedora 36
debian debian_linux 10.0
CVE-2022-0891 MEDIUM

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 11.0
fedoraproject fedora 36
libtiff libtiff *
debian debian_linux 10.0
fedoraproject fedora 35
CVE-2022-0907 MEDIUM

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff 4.3.0
fedoraproject fedora 36
debian debian_linux 10.0
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
CVE-2022-0908 MEDIUM

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@gitlab.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 11.0
fedoraproject fedora 36
libtiff libtiff *
debian debian_linux 10.0
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
CVE-2022-0909 MEDIUM

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff 4.3.0
fedoraproject fedora 36
debian debian_linux 10.0
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
CVE-2022-0924 MEDIUM

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff 4.3.0
fedoraproject fedora 36
debian debian_linux 10.0
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
CVE-2022-1056 MEDIUM

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
libtiff libtiff 4.3.0
CVE-2022-1210 MEDIUM

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-404,

Products Affected

Vendor Product Version
libtiff libtiff 4.3.0
netapp ontap_select_deploy_administration_utility -
CVE-2022-1354

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
fedoraproject fedora 34
fedoraproject fedora 36
redhat enterprise_linux 9.0
libtiff libtiff *
debian debian_linux 10.0
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
CVE-2022-1355

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H 1.8 4.2

Products Affected

Vendor Product Version
debian debian_linux 11.0
fedoraproject fedora 34
fedoraproject fedora 36
redhat enterprise_linux 7.0
redhat enterprise_linux 9.0
libtiff libtiff *
debian debian_linux 10.0
redhat enterprise_linux 8.0
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
CVE-2022-1622 MEDIUM

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
apple watchos *
libtiff libtiff 4.3.0
fedoraproject fedora 36
apple macos *
apple iphone_os *
apple tvos *
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
CVE-2022-1623 MEDIUM

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff 4.3.0
fedoraproject fedora 36
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
CVE-2022-2056 MEDIUM

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 11.0
fedoraproject fedora 36
libtiff libtiff 4.4.0
debian debian_linux 10.0
fedoraproject fedora 35
CVE-2022-2057 MEDIUM

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 11.0
fedoraproject fedora 36
libtiff libtiff 4.4.0
debian debian_linux 10.0
fedoraproject fedora 35
CVE-2022-2058 MEDIUM

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 11.0
fedoraproject fedora 36
libtiff libtiff 4.4.0
debian debian_linux 10.0
fedoraproject fedora 35
CVE-2022-22844 MEDIUM

LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff 4.3.0
debian debian_linux 9.0
debian debian_linux 10.0
netapp ontap_select_deploy_administration_utility -
CVE-2022-2519

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff 4.4.0
CVE-2022-2520

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff 4.4.0
CVE-2022-2521

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff 4.4.0
CVE-2022-2867

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
fedoraproject fedora 36
libtiff libtiff *
debian debian_linux 10.0
fedoraproject fedora 35
CVE-2022-2868

libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
fedoraproject fedora 36
libtiff libtiff *
debian debian_linux 10.0
fedoraproject fedora 35
CVE-2022-2869

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
fedoraproject fedora 36
libtiff libtiff *
debian debian_linux 10.0
fedoraproject fedora 35
CVE-2022-2953

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff *
netapp ontap_select_deploy_administration_utility -
CVE-2022-34266

The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@mitre.org 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libtiff libtiff 4.0.3-35
CVE-2022-34526

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 11.0
fedoraproject fedora 36
libtiff libtiff 4.4.0
debian debian_linux 10.0
netapp ontap_select_deploy_administration_utility -
CVE-2022-3570

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 2.5 5.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff *
debian debian_linux 10.0
CVE-2022-3597

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 11.0
libtiff libtiff *
debian debian_linux 10.0
CVE-2022-3598

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
libtiff libtiff *
debian debian_linux 10.0
CVE-2022-3599

LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 11.0
libtiff libtiff *
debian debian_linux 10.0
CVE-2022-3626

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
libtiff libtiff *
debian debian_linux 10.0
CVE-2022-3627

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 11.0
libtiff libtiff *
debian debian_linux 10.0
CVE-2022-3970

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
apple macos *
apple ipados *
libtiff libtiff *
apple iphone_os *
debian debian_linux 10.0
apple safari *
CVE-2022-40090

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2022-4645

LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 2.5 4.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2022-48281

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
debian debian_linux 11.0
libtiff libtiff *
debian debian_linux 10.0
CVE-2023-0795

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 2.5 4.2

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-0796

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 2.5 4.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-0797

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 2.5 4.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-0798

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 2.5 4.2

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-0799

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2.5 4.2

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-0800

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2.5 4.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-0801

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2.5 4.2

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-0802

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2.5 4.2

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-0803

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2.5 4.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-0804

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
cve@gitlab.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2.5 4.2

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-1916

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-25433

libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.

Products Affected

Vendor Product Version
libtiff libtiff 4.5.0
CVE-2023-25434

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.

Products Affected

Vendor Product Version
libtiff libtiff 4.5.0
CVE-2023-25435

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

Products Affected

Vendor Product Version
libtiff libtiff 4.5.0
CVE-2023-26965

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-26966

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

Products Affected

Vendor Product Version
libtiff libtiff 4.5.0
CVE-2023-2731

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

Products Affected

Vendor Product Version
fedoraproject fedora 38
redhat enterprise_linux 9.0
libtiff libtiff *
CVE-2023-2908

A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-30086

Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.

Products Affected

Vendor Product Version
libtiff libtiff 4.0.7
CVE-2023-30774

A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

Products Affected

Vendor Product Version
libtiff libtiff 4.0.0
apple macos *
CVE-2023-30775

A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.

Products Affected

Vendor Product Version
libtiff libtiff 4.4.0
CVE-2023-3164

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libtiff libtiff -
redhat enterprise_linux 7.0
redhat enterprise_linux 9.0
libtiff libtiff *
redhat enterprise_linux 8.0
CVE-2023-3316

A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
reefs@jfrog.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2023-3576

A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
fedoraproject fedora -
redhat enterprise_linux 9.0
libtiff libtiff *
redhat enterprise_linux 8.0
CVE-2023-3618

A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
libtiff libtiff *
debian debian_linux 10.0
redhat enterprise_linux 8.0
CVE-2023-40745

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
fedoraproject fedora -
redhat enterprise_linux 9.0
libtiff libtiff *
redhat enterprise_linux 8.0
CVE-2023-41175

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
fedoraproject fedora -
redhat enterprise_linux 9.0
libtiff libtiff *
redhat enterprise_linux 8.0
CVE-2023-52355

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
libtiff libtiff *
redhat enterprise_linux 8.0
CVE-2023-52356

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
libtiff libtiff -
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
CVE-2023-6228

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libtiff libtiff -
CVE-2023-6277

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
libtiff libtiff -
CVE-2024-13978 LOW

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 1.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,CWE-476,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2024-7006

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
libtiff libtiff *
redhat enterprise_linux 8.0
redhat enterprise_linux_for_power_little_endian_eus 9.2
redhat enterprise_linux_for_arm_64 9.2
redhat enterprise_linux_server_aus 9.2
CVE-2025-61143

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2025-61144

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2025-61145

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2025-8176 MEDIUM

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab3b41a839d5172. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-416,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2025-8177 MEDIUM

A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-120,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2025-8534 LOW

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 1.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,CWE-476,

Products Affected

Vendor Product Version
libtiff libtiff 4.6.0
CVE-2025-8851 MEDIUM

A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-121,

Products Affected

Vendor Product Version
libtiff libtiff *
CVE-2025-8961 LOW

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libtiff libtiff 4.7.0
CVE-2025-9165 LOW

A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been published and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. A researcher disputes the security impact of this issue, because "this is a memory leak on a command line tool that is about to exit anyway". In the reply the project maintainer declares this issue as "a simple 'bug' when leaving the command line tool and (...) not a security issue at all".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 1.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,CWE-404,

Products Affected

Vendor Product Version
libtiff libtiff 4.7.0
CVE-2026-4775

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
libtiff libtiff -
debian debian_linux 11.0
redhat enterprise_linux 7.0
redhat enterprise_linux 9.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 10.0
redhat hardened_images -