rpm package
almalinux/libtiff-tools
pkg:rpm/almalinux/libtiff-tools
Vulnerabilities (65)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-35522 | — | | | < 4.0.9-20.el8 | 4.0.9-20.el8 | Mar 9, 2021 | In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. |
| CVE-2020-35521 | — | | | < 4.0.9-20.el8 | 4.0.9-20.el8 | Mar 9, 2021 | A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. |
| CVE-2019-17546 | — | | | < 4.0.9-18.el8 | 4.0.9-18.el8 | Oct 14, 2019 | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. |
| CVE-2018-15209 | — | | | < 4.0.9-32.el8_10 | 4.0.9-32.el8_10 | Aug 8, 2018 | ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. |
| CVE-2017-17095 | High | 8.8 | | < 4.0.9-34.el8_10 | 4.0.9-34.el8_10 | Dec 2, 2017 | tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. |