VYPR

rpm package

opensuse/tiff&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/tiff&distro=openSUSE%20Tumbleweed

Vulnerabilities (157)

  • CVE-2016-3658HigOct 3, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.

  • CVE-2016-3623HigOct 3, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.

  • CVE-2016-3622MedOct 3, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.

  • CVE-2016-3991HigSep 21, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.

  • CVE-2016-3990HigSep 21, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.

  • CVE-2016-3945HigSep 21, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which trig

  • CVE-2016-3186MedApr 19, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.

  • CVE-2015-8683MedApr 13, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.

  • CVE-2015-8665MedApr 13, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.

  • CVE-2015-1547MedApr 13, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

  • CVE-2014-9655MedApr 13, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

  • CVE-2015-8783MedFeb 1, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.

  • CVE-2015-8782MedFeb 1, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.

  • CVE-2015-8781MedFeb 1, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.

  • CVE-2015-7554CriJan 8, 2016
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.

  • CVE-2013-4231Jan 19, 2014
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c.

  • CVE-2013-4244Sep 28, 2013
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.

  • CVE-2013-4243Sep 10, 2013
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.

  • CVE-2013-4232Sep 10, 2013
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.

  • CVE-2013-1961Jul 3, 2013
    affected < 4.0.7-1.1fixed 4.0.7-1.1

    Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.

Page 7 of 8