rpm package

opensuse/tiff&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/tiff&distro=openSUSE%20Tumbleweed

Vulnerabilities (157)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-17095	Hig	8.8	< 4.6.0-2.1	4.6.0-2.1	Dec 2, 2017	tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
CVE-2017-12944	Hig	7.5	< 4.6.0-2.1	4.6.0-2.1	Aug 18, 2017	The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff
CVE-2017-11613	Med	6.5	< 4.3.0-1.3	4.3.0-1.3	Jul 26, 2017	In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In
CVE-2014-8127	Med	6.5	< 4.0.7-1.1	4.0.7-1.1	Jun 26, 2017	LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCI
CVE-2017-9936	Med	6.5	< 4.3.0-1.3	4.3.0-1.3	Jun 26, 2017	In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
CVE-2017-9935	Hig	8.8	< 4.3.0-1.3	4.3.0-1.3	Jun 26, 2017	In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2
CVE-2017-9404	Med	6.5	< 4.3.0-1.3	4.3.0-1.3	Jun 2, 2017	In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9403	Med	6.5	< 4.3.0-1.3	4.3.0-1.3	Jun 2, 2017	In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2016-10371	Med	5.5	< 4.3.0-1.3	4.3.0-1.3	May 10, 2017	The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
CVE-2017-7602	Hig	7.8	< 4.3.0-1.3	4.3.0-1.3	Apr 9, 2017	LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7601	Hig	7.8	< 4.3.0-1.3	4.3.0-1.3	Apr 9, 2017	LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7599	Hig	7.8	< 4.3.0-1.3	4.3.0-1.3	Apr 9, 2017	LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7598	Hig	7.8	< 4.3.0-1.3	4.3.0-1.3	Apr 9, 2017	tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7596	Hig	7.8	< 4.3.0-1.3	4.3.0-1.3	Apr 9, 2017	LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7595	Med	5.5	< 4.3.0-1.3	4.3.0-1.3	Apr 9, 2017	The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7594	Med	5.5	< 4.3.0-1.3	4.3.0-1.3	Apr 9, 2017	The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
CVE-2017-7593	Med	5.5	< 4.3.0-1.3	4.3.0-1.3	Apr 9, 2017	tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
CVE-2017-7592	Hig	7.8	< 4.3.0-1.3	4.3.0-1.3	Apr 9, 2017	The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2016-10272	Hig	7.8	< 4.3.0-1.3	4.3.0-1.3	Mar 24, 2017	LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
CVE-2016-10271	Hig	7.8	< 4.3.0-1.3	4.3.0-1.3	Mar 24, 2017	tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.

CVE-2017-17095HigDec 2, 2017
affected < 4.6.0-2.1fixed 4.6.0-2.1
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
CVE-2017-12944HigAug 18, 2017
affected < 4.6.0-2.1fixed 4.6.0-2.1
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff
CVE-2017-11613MedJul 26, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In
CVE-2014-8127MedJun 26, 2017
affected < 4.0.7-1.1fixed 4.0.7-1.1
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCI
CVE-2017-9936MedJun 26, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
CVE-2017-9935HigJun 26, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2
CVE-2017-9404MedJun 2, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9403MedJun 2, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2016-10371MedMay 10, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
CVE-2017-7602HigApr 9, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7601HigApr 9, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7599HigApr 9, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7598HigApr 9, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7596HigApr 9, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7595MedApr 9, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7594MedApr 9, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
CVE-2017-7593MedApr 9, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
CVE-2017-7592HigApr 9, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2016-10272HigMar 24, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
CVE-2016-10271HigMar 24, 2017
affected < 4.3.0-1.3fixed 4.3.0-1.3
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.

Page 5 of 8