rpm package
suse/tiff&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-35521 | — | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Mar 9, 2021 | A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. | ||
| CVE-2019-17546 | — | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Oct 14, 2019 | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. | ||
| CVE-2017-17095 | Hig | 8.8 | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Dec 2, 2017 | tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. |
- CVE-2020-35521Mar 9, 2021affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
- CVE-2019-17546Oct 14, 2019affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
- affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
Page 2 of 2