rpm package
opensuse/tiff&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/tiff&distro=openSUSE%20Tumbleweed
Vulnerabilities (157)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4775 | Hig | 7.8 | < 4.7.1-5.1 | 4.7.1-5.1 | Mar 24, 2026 | A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer | |
| CVE-2025-9900 | Hig | 8.8 | < 4.7.1-2.1 | 4.7.1-2.1 | Sep 23, 2025 | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing | |
| CVE-2025-9165 | Low | 2.5 | < 4.7.0-8.1 | 4.7.0-8.1 | Aug 19, 2025 | A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This | |
| CVE-2025-8961 | Low | 3.3 | < 4.7.0-9.1 | 4.7.0-9.1 | Aug 14, 2025 | A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and c | |
| CVE-2025-8851 | — | < 4.7.1-3.1 | 4.7.1-3.1 | Aug 11, 2025 | A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attac | ||
| CVE-2025-8534 | Low | 2.5 | < 4.7.0-8.1 | 4.7.0-8.1 | Aug 5, 2025 | A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local hos | |
| CVE-2024-13978 | — | < 4.7.0-8.1 | 4.7.0-8.1 | Aug 1, 2025 | A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to b | ||
| CVE-2025-8176 | Med | 5.3 | < 4.7.0-7.1 | 4.7.0-7.1 | Jul 26, 2025 | A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disc | |
| CVE-2025-8177 | — | < 4.7.0-7.1 | 4.7.0-7.1 | Jul 26, 2025 | A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58 | ||
| CVE-2024-7006 | — | < 4.6.0-5.1 | 4.6.0-5.1 | Aug 8, 2024 | A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an app | ||
| CVE-2023-52356 | Hig | 7.5 | < 4.6.0-4.1 | 4.6.0-4.1 | Jan 25, 2024 | A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | |
| CVE-2023-25435 | — | < 4.6.0-3.1 | 4.6.0-3.1 | Jun 21, 2023 | libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. | ||
| CVE-2023-0804 | — | < 4.5.0-3.1 | 4.5.0-3.1 | Feb 13, 2023 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | ||
| CVE-2023-0803 | — | < 4.5.0-3.1 | 4.5.0-3.1 | Feb 13, 2023 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | ||
| CVE-2023-0802 | — | < 4.5.0-3.1 | 4.5.0-3.1 | Feb 13, 2023 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | ||
| CVE-2023-0801 | — | < 4.5.0-3.1 | 4.5.0-3.1 | Feb 13, 2023 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available w | ||
| CVE-2023-0800 | — | < 4.5.0-3.1 | 4.5.0-3.1 | Feb 13, 2023 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. | ||
| CVE-2023-0799 | — | < 4.5.0-3.1 | 4.5.0-3.1 | Feb 13, 2023 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | ||
| CVE-2023-0798 | — | < 4.5.0-3.1 | 4.5.0-3.1 | Feb 13, 2023 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. | ||
| CVE-2023-0797 | — | < 4.5.0-3.1 | 4.5.0-3.1 | Feb 13, 2023 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available wi |
- affected < 4.7.1-5.1fixed 4.7.1-5.1
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer
- affected < 4.7.1-2.1fixed 4.7.1-2.1
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing
- affected < 4.7.0-8.1fixed 4.7.0-8.1
A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This
- affected < 4.7.0-9.1fixed 4.7.0-9.1
A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and c
- CVE-2025-8851Aug 11, 2025affected < 4.7.1-3.1fixed 4.7.1-3.1
A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attac
- affected < 4.7.0-8.1fixed 4.7.0-8.1
A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local hos
- CVE-2024-13978Aug 1, 2025affected < 4.7.0-8.1fixed 4.7.0-8.1
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to b
- affected < 4.7.0-7.1fixed 4.7.0-7.1
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disc
- CVE-2025-8177Jul 26, 2025affected < 4.7.0-7.1fixed 4.7.0-7.1
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58
- CVE-2024-7006Aug 8, 2024affected < 4.6.0-5.1fixed 4.6.0-5.1
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an app
- affected < 4.6.0-4.1fixed 4.6.0-4.1
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
- CVE-2023-25435Jun 21, 2023affected < 4.6.0-3.1fixed 4.6.0-3.1
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.
- CVE-2023-0804Feb 13, 2023affected < 4.5.0-3.1fixed 4.5.0-3.1
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
- CVE-2023-0803Feb 13, 2023affected < 4.5.0-3.1fixed 4.5.0-3.1
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
- CVE-2023-0802Feb 13, 2023affected < 4.5.0-3.1fixed 4.5.0-3.1
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
- CVE-2023-0801Feb 13, 2023affected < 4.5.0-3.1fixed 4.5.0-3.1
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available w
- CVE-2023-0800Feb 13, 2023affected < 4.5.0-3.1fixed 4.5.0-3.1
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
- CVE-2023-0799Feb 13, 2023affected < 4.5.0-3.1fixed 4.5.0-3.1
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
- CVE-2023-0798Feb 13, 2023affected < 4.5.0-3.1fixed 4.5.0-3.1
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
- CVE-2023-0797Feb 13, 2023affected < 4.5.0-3.1fixed 4.5.0-3.1
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available wi
Page 1 of 8