Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libtiff
(Libtiff)Repositories | https://github.com/vadz/libtiff |
#Vulnerabilities | 250 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-10-21 | CVE-2022-3599 | LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. | Debian_linux, Libtiff, Active_iq_unified_manager | 6.5 | ||
2022-10-21 | CVE-2022-3627 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. | Debian_linux, Libtiff, Active_iq_unified_manager | 6.5 | ||
2022-03-28 | CVE-2022-1056 | Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. | Libtiff, Active_iq_unified_manager | 5.5 | ||
2010-06-24 | CVE-2010-2067 | Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. | Ubuntu_linux, Libtiff | N/A | ||
2010-07-02 | CVE-2010-2233 | tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." | Libtiff | N/A | ||
2010-07-06 | CVE-2010-2481 | The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. | Libtiff | N/A | ||
2010-07-06 | CVE-2010-2482 | LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. | Libtiff | N/A | ||
2010-07-06 | CVE-2010-2483 | The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. | Libtiff | N/A | ||
2011-03-28 | CVE-2011-1167 | Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. | Libtiff | N/A | ||
2011-05-03 | CVE-2009-5022 | Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. | Libtiff | N/A |