rpm package
suse/tiff&distro=SUSE Linux Enterprise Server 15 SP1-BCL
pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL
Vulnerabilities (31)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-0865 | — | < 4.0.9-150000.45.8.1 | 4.0.9-150000.45.8.1 | Mar 7, 2022 | Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. | ||
| CVE-2022-0562 | — | < 4.0.9-150000.45.8.1 | 4.0.9-150000.45.8.1 | Feb 11, 2022 | Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 5615 | ||
| CVE-2022-0561 | — | < 4.0.9-150000.45.8.1 | 4.0.9-150000.45.8.1 | Feb 11, 2022 | Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commi | ||
| CVE-2022-22844 | — | < 4.0.9-45.5.1 | 4.0.9-45.5.1 | Jan 8, 2022 | LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. | ||
| CVE-2020-19131 | — | < 4.0.9-45.5.1 | 4.0.9-45.5.1 | Sep 7, 2021 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". | ||
| CVE-2020-35524 | — | < 4.0.9-45.5.1 | 4.0.9-45.5.1 | Mar 9, 2021 | A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system ava | ||
| CVE-2020-35523 | — | < 4.0.9-45.5.1 | 4.0.9-45.5.1 | Mar 9, 2021 | An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as s | ||
| CVE-2020-35522 | — | < 4.0.9-45.5.1 | 4.0.9-45.5.1 | Mar 9, 2021 | In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. | ||
| CVE-2020-35521 | — | < 4.0.9-45.5.1 | 4.0.9-45.5.1 | Mar 9, 2021 | A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. | ||
| CVE-2019-17546 | — | < 4.0.9-45.5.1 | 4.0.9-45.5.1 | Oct 14, 2019 | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. | ||
| CVE-2017-17095 | Hig | 8.8 | < 4.0.9-45.5.1 | 4.0.9-45.5.1 | Dec 2, 2017 | tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. |
- CVE-2022-0865Mar 7, 2022affected < 4.0.9-150000.45.8.1fixed 4.0.9-150000.45.8.1
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
- CVE-2022-0562Feb 11, 2022affected < 4.0.9-150000.45.8.1fixed 4.0.9-150000.45.8.1
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 5615
- CVE-2022-0561Feb 11, 2022affected < 4.0.9-150000.45.8.1fixed 4.0.9-150000.45.8.1
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commi
- CVE-2022-22844Jan 8, 2022affected < 4.0.9-45.5.1fixed 4.0.9-45.5.1
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
- CVE-2020-19131Sep 7, 2021affected < 4.0.9-45.5.1fixed 4.0.9-45.5.1
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
- CVE-2020-35524Mar 9, 2021affected < 4.0.9-45.5.1fixed 4.0.9-45.5.1
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system ava
- CVE-2020-35523Mar 9, 2021affected < 4.0.9-45.5.1fixed 4.0.9-45.5.1
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as s
- CVE-2020-35522Mar 9, 2021affected < 4.0.9-45.5.1fixed 4.0.9-45.5.1
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
- CVE-2020-35521Mar 9, 2021affected < 4.0.9-45.5.1fixed 4.0.9-45.5.1
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
- CVE-2019-17546Oct 14, 2019affected < 4.0.9-45.5.1fixed 4.0.9-45.5.1
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
- affected < 4.0.9-45.5.1fixed 4.0.9-45.5.1
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
Page 2 of 2