Product:

Libtiff

(Libtiff)
Repositories https://github.com/vadz/libtiff
#Vulnerabilities 251
Date Id Summary Products Score Patch Annotated
2022-10-21 CVE-2022-3570 Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact Debian_linux, Libtiff 5.5
2022-10-21 CVE-2022-3597 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. Debian_linux, Libtiff, Active_iq_unified_manager 6.5
2022-10-21 CVE-2022-3598 LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. Debian_linux, Libtiff, Active_iq_unified_manager 6.5
2022-10-21 CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. Debian_linux, Libtiff, Active_iq_unified_manager 6.5
2022-10-21 CVE-2022-3626 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. Debian_linux, Libtiff, Active_iq_unified_manager 6.5
2022-10-21 CVE-2022-3627 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. Debian_linux, Libtiff, Active_iq_unified_manager 6.5
2023-03-03 CVE-2022-4645 LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. Fedora, Libtiff 5.5
2023-05-19 CVE-2023-30774 A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. Macos, Libtiff 5.5
2023-06-19 CVE-2023-3316 A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. Libtiff 6.5
2023-05-09 CVE-2023-30086 Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. Libtiff 5.5