Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libtiff
(Libtiff)| Repositories | https://github.com/vadz/libtiff |
| #Vulnerabilities | 250 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-09-13 | CVE-2018-17000 | A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp. | Ubuntu_linux, Debian_linux, Libtiff | 6.5 | ||
| 2018-05-08 | CVE-2018-10801 | TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. | Libtiff | 6.5 | ||
| 2018-05-07 | CVE-2018-10779 | TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. | Ubuntu_linux, Libtiff | 6.5 | ||
| 2017-06-26 | CVE-2017-9936 | In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. | Ubuntu_linux, Debian_linux, Libtiff | 6.5 | ||
| 2017-06-26 | CVE-2017-9935 | In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. | Ubuntu_linux, Debian_linux, Libtiff | 8.8 | ||
| 2017-06-22 | CVE-2017-9815 | In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file. | Ubuntu_linux, Libtiff | 6.5 | ||
| 2017-06-02 | CVE-2017-9404 | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | Ubuntu_linux, Debian_linux, Libtiff | 6.5 | ||
| 2017-06-02 | CVE-2017-9403 | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | Ubuntu_linux, Debian_linux, Libtiff | 6.5 | ||
| 2017-05-22 | CVE-2017-9147 | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. | Libtiff | 6.5 | ||
| 2017-05-21 | CVE-2017-9117 | In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff. | Ubuntu_linux, Libtiff | 9.8 |