rpm package

almalinux/libtiff-tools

pkg:rpm/almalinux/libtiff-tools

Vulnerabilities (65)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-0803	—	< 4.4.0-8.el9_2	4.4.0-8.el9_2	Feb 13, 2023	LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
CVE-2023-0802	—	< 4.4.0-8.el9_2	4.4.0-8.el9_2	Feb 13, 2023	LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
CVE-2023-0801	—	< 4.4.0-8.el9_2	4.4.0-8.el9_2	Feb 13, 2023	LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available w
CVE-2023-0800	—	< 4.4.0-8.el9_2	4.4.0-8.el9_2	Feb 13, 2023	LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
CVE-2023-0799	—	< 4.4.0-8.el9_2	4.4.0-8.el9_2	Feb 13, 2023	LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVE-2023-0798	—	< 4.4.0-8.el9_2	4.4.0-8.el9_2	Feb 13, 2023	LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVE-2023-0797	—	< 4.4.0-8.el9_2	4.4.0-8.el9_2	Feb 13, 2023	LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available wi
CVE-2023-0796	—	< 4.4.0-8.el9_2	4.4.0-8.el9_2	Feb 13, 2023	LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVE-2023-0795	—	< 4.4.0-8.el9_2	4.4.0-8.el9_2	Feb 13, 2023	LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVE-2022-48281	—	< 4.4.0-8.el9_2	4.4.0-8.el9_2	Jan 23, 2023	processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
CVE-2022-3970	—	< 4.4.0-7.el9	4.4.0-7.el9	Nov 13, 2022	A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed t
CVE-2022-3627	—	< 4.4.0-7.el9	4.4.0-7.el9	Oct 21, 2022	LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availabl
CVE-2022-3626	—	< 4.4.0-7.el9	4.4.0-7.el9	Oct 21, 2022	LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availa
CVE-2022-3599	—	< 4.4.0-7.el9	4.4.0-7.el9	Oct 21, 2022	LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
CVE-2022-3598	—	< 4.4.0-7.el9	4.4.0-7.el9	Oct 21, 2022	LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
CVE-2022-3597	—	< 4.4.0-7.el9	4.4.0-7.el9	Oct 21, 2022	LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availabl
CVE-2022-3570	—	< 4.4.0-7.el9	4.4.0-7.el9	Oct 21, 2022	Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-depe
CVE-2022-2521	—	< 4.0.9-26.el8_7	4.0.9-26.el8_7	Aug 31, 2022	It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.
CVE-2022-2520	—	< 4.0.9-26.el8_7	4.0.9-26.el8_7	Aug 31, 2022	A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
CVE-2022-2519	—	< 4.0.9-26.el8_7	4.0.9-26.el8_7	Aug 31, 2022	There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1

CVE-2023-0803Feb 13, 2023
affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
CVE-2023-0802Feb 13, 2023
affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
CVE-2023-0801Feb 13, 2023
affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available w
CVE-2023-0800Feb 13, 2023
affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
CVE-2023-0799Feb 13, 2023
affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVE-2023-0798Feb 13, 2023
affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVE-2023-0797Feb 13, 2023
affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available wi
CVE-2023-0796Feb 13, 2023
affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVE-2023-0795Feb 13, 2023
affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
CVE-2022-48281Jan 23, 2023
affected < 4.4.0-8.el9_2fixed 4.4.0-8.el9_2
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
CVE-2022-3970Nov 13, 2022
affected < 4.4.0-7.el9fixed 4.4.0-7.el9
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed t
CVE-2022-3627Oct 21, 2022
affected < 4.4.0-7.el9fixed 4.4.0-7.el9
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availabl
CVE-2022-3626Oct 21, 2022
affected < 4.4.0-7.el9fixed 4.4.0-7.el9
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availa
CVE-2022-3599Oct 21, 2022
affected < 4.4.0-7.el9fixed 4.4.0-7.el9
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
CVE-2022-3598Oct 21, 2022
affected < 4.4.0-7.el9fixed 4.4.0-7.el9
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
CVE-2022-3597Oct 21, 2022
affected < 4.4.0-7.el9fixed 4.4.0-7.el9
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availabl
CVE-2022-3570Oct 21, 2022
affected < 4.4.0-7.el9fixed 4.4.0-7.el9
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-depe
CVE-2022-2521Aug 31, 2022
affected < 4.0.9-26.el8_7fixed 4.0.9-26.el8_7
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.
CVE-2022-2520Aug 31, 2022
affected < 4.0.9-26.el8_7fixed 4.0.9-26.el8_7
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
CVE-2022-2519Aug 31, 2022
affected < 4.0.9-26.el8_7fixed 4.0.9-26.el8_7
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1

Page 2 of 4