rpm package
opensuse/tiff&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.6
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-9900 | Hig | 8.8 | < 4.7.1-150600.3.23.1 | 4.7.1-150600.3.23.1 | Sep 23, 2025 | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing | |
| CVE-2025-9165 | Low | 2.5 | < 4.7.0-150600.3.18.1 | 4.7.0-150600.3.18.1 | Aug 19, 2025 | A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This | |
| CVE-2025-8961 | Low | 3.3 | < 4.7.0-150600.3.18.1 | 4.7.0-150600.3.18.1 | Aug 14, 2025 | A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and c | |
| CVE-2025-8851 | — | < 4.7.1-150600.3.23.1 | 4.7.1-150600.3.23.1 | Aug 11, 2025 | A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attac | ||
| CVE-2025-8534 | Low | 2.5 | < 4.7.0-150600.3.18.1 | 4.7.0-150600.3.18.1 | Aug 5, 2025 | A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local hos | |
| CVE-2024-13978 | — | < 4.7.0-150600.3.18.1 | 4.7.0-150600.3.18.1 | Aug 1, 2025 | A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to b | ||
| CVE-2025-8176 | Med | 5.3 | < 4.7.0-150600.3.13.1 | 4.7.0-150600.3.13.1 | Jul 26, 2025 | A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disc | |
| CVE-2025-8177 | — | < 4.7.0-150600.3.13.1 | 4.7.0-150600.3.13.1 | Jul 26, 2025 | A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58 | ||
| CVE-2024-7006 | — | < 4.6.0-150600.3.3.1 | 4.6.0-150600.3.3.1 | Aug 8, 2024 | A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an app | ||
| CVE-2023-52356 | Hig | 7.5 | < 4.7.0-150600.3.8.1 | 4.7.0-150600.3.8.1 | Jan 25, 2024 | A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | |
| CVE-2023-25435 | — | < 4.7.0-150600.3.8.1 | 4.7.0-150600.3.8.1 | Jun 21, 2023 | libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. |
- affected < 4.7.1-150600.3.23.1fixed 4.7.1-150600.3.23.1
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing
- affected < 4.7.0-150600.3.18.1fixed 4.7.0-150600.3.18.1
A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This
- affected < 4.7.0-150600.3.18.1fixed 4.7.0-150600.3.18.1
A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and c
- CVE-2025-8851Aug 11, 2025affected < 4.7.1-150600.3.23.1fixed 4.7.1-150600.3.23.1
A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attac
- affected < 4.7.0-150600.3.18.1fixed 4.7.0-150600.3.18.1
A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local hos
- CVE-2024-13978Aug 1, 2025affected < 4.7.0-150600.3.18.1fixed 4.7.0-150600.3.18.1
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to b
- affected < 4.7.0-150600.3.13.1fixed 4.7.0-150600.3.13.1
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disc
- CVE-2025-8177Jul 26, 2025affected < 4.7.0-150600.3.13.1fixed 4.7.0-150600.3.13.1
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58
- CVE-2024-7006Aug 8, 2024affected < 4.6.0-150600.3.3.1fixed 4.6.0-150600.3.3.1
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an app
- affected < 4.7.0-150600.3.8.1fixed 4.7.0-150600.3.8.1
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
- CVE-2023-25435Jun 21, 2023affected < 4.7.0-150600.3.8.1fixed 4.7.0-150600.3.8.1
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.