rpm package
almalinux/libtiff
pkg:rpm/almalinux/libtiff
Vulnerabilities (64)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-35522 | — | < 4.0.9-20.el8 | 4.0.9-20.el8 | Mar 9, 2021 | In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. | ||
| CVE-2020-35521 | — | < 4.0.9-20.el8 | 4.0.9-20.el8 | Mar 9, 2021 | A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. | ||
| CVE-2018-15209 | — | < 4.0.9-32.el8_10 | 4.0.9-32.el8_10 | Aug 8, 2018 | ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. | ||
| CVE-2017-17095 | Hig | 8.8 | < 4.0.9-34.el8_10 | 4.0.9-34.el8_10 | Dec 2, 2017 | tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. |
- CVE-2020-35522Mar 9, 2021affected < 4.0.9-20.el8fixed 4.0.9-20.el8
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
- CVE-2020-35521Mar 9, 2021affected < 4.0.9-20.el8fixed 4.0.9-20.el8
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
- CVE-2018-15209Aug 8, 2018affected < 4.0.9-32.el8_10fixed 4.0.9-32.el8_10
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
- affected < 4.0.9-34.el8_10fixed 4.0.9-34.el8_10
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
Page 4 of 4