Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libtiff
(Libtiff)Repositories | https://github.com/vadz/libtiff |
#Vulnerabilities | 250 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-12-28 | CVE-2017-17942 | In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. | Libtiff | 8.8 | ||
2017-08-29 | CVE-2017-13727 | There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | Libtiff | 6.5 | ||
2017-08-29 | CVE-2017-13726 | There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | Libtiff | 6.5 | ||
2017-08-18 | CVE-2017-12944 | The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. | Libtiff | 7.5 | ||
2018-10-26 | CVE-2018-18661 | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. | Ubuntu_linux, Libtiff | 6.5 | ||
2018-05-10 | CVE-2018-10963 | The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | Ubuntu_linux, Debian_linux, Libtiff | 6.5 | ||
2018-01-19 | CVE-2018-5784 | In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. | Ubuntu_linux, Debian_linux, Libtiff | 6.5 | ||
2018-01-14 | CVE-2018-5360 | LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. | Graphicsmagick, Libtiff | 8.8 | ||
2018-09-16 | CVE-2018-17101 | An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | Ubuntu_linux, Debian_linux, Libtiff | 8.8 | ||
2018-09-16 | CVE-2018-17100 | An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. | Ubuntu_linux, Debian_linux, Libtiff | 8.8 |