Search Results (263 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-3626 4 Debian, Libtiff, Netapp and 1 more 4 Debian Linux, Libtiff, Active Iq Unified Manager and 1 more 2025-05-07 5.5 Medium
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
CVE-2022-3627 4 Debian, Libtiff, Netapp and 1 more 4 Debian Linux, Libtiff, Active Iq Unified Manager and 1 more 2025-05-07 5.5 Medium
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
CVE-2016-5318 1 Libtiff 1 Libtiff 2025-04-20 N/A
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
CVE-2014-8127 3 Libtiff, Opensuse, Redhat 3 Libtiff, Opensuse, Enterprise Linux 2025-04-20 N/A
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
CVE-2016-10094 1 Libtiff 1 Libtiff 2025-04-20 N/A
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.
CVE-2016-10271 1 Libtiff 1 Libtiff 2025-04-20 N/A
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.
CVE-2016-9453 3 Debian, Libtiff, Opensuse 3 Debian Linux, Libtiff, Opensuse 2025-04-20 7.8 High
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
CVE-2016-10266 1 Libtiff 1 Libtiff 2025-04-20 N/A
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.
CVE-2017-7602 1 Libtiff 1 Libtiff 2025-04-20 N/A
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2016-5317 3 Libtiff, Opensuse, Opensuse Project 3 Libtiff, Opensuse, Leap 2025-04-20 N/A
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
CVE-2017-7592 1 Libtiff 1 Libtiff 2025-04-20 N/A
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-13727 1 Libtiff 1 Libtiff 2025-04-20 N/A
There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
CVE-2017-9935 3 Canonical, Debian, Libtiff 3 Ubuntu Linux, Debian Linux, Libtiff 2025-04-20 N/A
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.
CVE-2017-7598 1 Libtiff 1 Libtiff 2025-04-20 N/A
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2016-10272 1 Libtiff 1 Libtiff 2025-04-20 N/A
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
CVE-2017-9815 2 Canonical, Libtiff 2 Ubuntu Linux, Libtiff 2025-04-20 N/A
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
CVE-2017-7601 1 Libtiff 1 Libtiff 2025-04-20 N/A
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2016-10270 1 Libtiff 1 Libtiff 2025-04-20 N/A
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.
CVE-2016-5321 2 Libtiff, Opensuse 2 Libtiff, Opensuse 2025-04-20 N/A
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
CVE-2017-10688 1 Libtiff 1 Libtiff 2025-04-20 N/A
In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.