Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libtiff
(Libtiff)| Repositories | https://github.com/vadz/libtiff |
| #Vulnerabilities | 250 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-02-01 | CVE-2015-8781 | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. | Debian_linux, Libtiff | N/A | ||
| 2004-11-03 | CVE-2004-0804 | Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452. | Libtiff | N/A | ||
| 2017-04-09 | CVE-2017-7594 | The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. | Libtiff | 5.5 | ||
| 2017-01-23 | CVE-2017-5563 | LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. | Libtiff | 8.8 | ||
| 2017-12-28 | CVE-2017-17942 | In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. | Libtiff | 8.8 | ||
| 2017-08-29 | CVE-2017-13727 | There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | Libtiff | 6.5 | ||
| 2017-08-29 | CVE-2017-13726 | There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | Libtiff | 6.5 | ||
| 2017-08-18 | CVE-2017-12944 | The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. | Libtiff | 7.5 | ||
| 2018-10-26 | CVE-2018-18661 | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. | Ubuntu_linux, Libtiff | 6.5 | ||
| 2018-05-10 | CVE-2018-10963 | The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | Ubuntu_linux, Debian_linux, Libtiff | 6.5 |