rpm package
almalinux/libtiff-tools
pkg:rpm/almalinux/libtiff-tools
Vulnerabilities (65)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4775 | Hig | 7.8 | < 4.6.0-6.el10_1.3 | 4.6.0-6.el10_1.3 | Mar 24, 2026 | A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer | |
| CVE-2025-9900 | Hig | 8.8 | < 4.4.0-13.el9_6.2 | 4.4.0-13.el9_6.2 | Sep 23, 2025 | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing | |
| CVE-2025-8176 | Med | 5.3 | < 4.4.0-13.el9_6.2 | 4.4.0-13.el9_6.2 | Jul 26, 2025 | A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disc | |
| CVE-2024-7006 | — | < 4.0.9-33.el8_10 | 4.0.9-33.el8_10 | Aug 8, 2024 | A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an app | ||
| CVE-2023-52356 | Hig | 7.5 | < 4.0.9-32.el8_10 | 4.0.9-32.el8_10 | Jan 25, 2024 | A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | |
| CVE-2023-6228 | — | < 4.4.0-12.el9 | 4.4.0-12.el9 | Dec 18, 2023 | An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. | ||
| CVE-2023-41175 | — | < 4.4.0-12.el9 | 4.4.0-12.el9 | Oct 5, 2023 | A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | ||
| CVE-2023-40745 | — | < 4.4.0-12.el9 | 4.4.0-12.el9 | Oct 5, 2023 | LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | ||
| CVE-2023-3576 | — | < 4.4.0-10.el9 | 4.4.0-10.el9 | Oct 4, 2023 | A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually l | ||
| CVE-2022-40090 | — | < 4.4.0-12.el9 | 4.4.0-12.el9 | Aug 22, 2023 | An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. | ||
| CVE-2023-3618 | — | < 4.4.0-12.el9 | 4.4.0-12.el9 | Jul 12, 2023 | A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. | ||
| CVE-2023-26966 | — | < 4.4.0-10.el9 | 4.4.0-10.el9 | Jun 29, 2023 | libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. | ||
| CVE-2023-25433 | — | < 4.0.9-32.el8_10 | 4.0.9-32.el8_10 | Jun 29, 2023 | libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. | ||
| CVE-2023-3316 | — | < 4.4.0-10.el9 | 4.4.0-10.el9 | Jun 19, 2023 | A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. | ||
| CVE-2023-26965 | — | < 4.4.0-10.el9 | 4.4.0-10.el9 | Jun 14, 2023 | loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. | ||
| CVE-2023-30775 | — | < 4.4.0-7.el9 | 4.4.0-7.el9 | May 19, 2023 | A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. | ||
| CVE-2023-30774 | — | < 4.4.0-7.el9 | 4.4.0-7.el9 | May 19, 2023 | A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. | ||
| CVE-2023-2731 | — | < 4.4.0-10.el9 | 4.4.0-10.el9 | May 17, 2023 | A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a | ||
| CVE-2022-4645 | — | < 4.4.0-7.el9 | 4.4.0-7.el9 | Mar 3, 2023 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. | ||
| CVE-2023-0804 | — | < 4.4.0-8.el9_2 | 4.4.0-8.el9_2 | Feb 13, 2023 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. |
- affected < 4.6.0-6.el10_1.3fixed 4.6.0-6.el10_1.3
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer
- affected < 4.4.0-13.el9_6.2fixed 4.4.0-13.el9_6.2
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing
- affected < 4.4.0-13.el9_6.2fixed 4.4.0-13.el9_6.2
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disc
- CVE-2024-7006Aug 8, 2024affected < 4.0.9-33.el8_10fixed 4.0.9-33.el8_10
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an app
- affected < 4.0.9-32.el8_10fixed 4.0.9-32.el8_10
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
- CVE-2023-6228Dec 18, 2023affected < 4.4.0-12.el9fixed 4.4.0-12.el9
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
- CVE-2023-41175Oct 5, 2023affected < 4.4.0-12.el9fixed 4.4.0-12.el9
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
- CVE-2023-40745Oct 5, 2023affected < 4.4.0-12.el9fixed 4.4.0-12.el9
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
- CVE-2023-3576Oct 4, 2023affected < 4.4.0-10.el9fixed 4.4.0-10.el9
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually l
- CVE-2022-40090Aug 22, 2023affected < 4.4.0-12.el9fixed 4.4.0-12.el9
An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.
- CVE-2023-3618Jul 12, 2023affected < 4.4.0-12.el9fixed 4.4.0-12.el9
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
- CVE-2023-26966Jun 29, 2023affected < 4.4.0-10.el9fixed 4.4.0-10.el9
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.
- CVE-2023-25433Jun 29, 2023affected < 4.0.9-32.el8_10fixed 4.0.9-32.el8_10
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.
- CVE-2023-3316Jun 19, 2023affected < 4.4.0-10.el9fixed 4.4.0-10.el9
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.
- CVE-2023-26965Jun 14, 2023affected < 4.4.0-10.el9fixed 4.4.0-10.el9
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.
- CVE-2023-30775May 19, 2023affected < 4.4.0-7.el9fixed 4.4.0-7.el9
A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.
- CVE-2023-30774May 19, 2023affected < 4.4.0-7.el9fixed 4.4.0-7.el9
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
- CVE-2023-2731May 17, 2023affected < 4.4.0-10.el9fixed 4.4.0-10.el9
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a
- CVE-2022-4645Mar 3, 2023affected < 4.4.0-7.el9fixed 4.4.0-7.el9
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
- CVE-2023-0804Feb 13, 2023affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Page 1 of 4