VYPR

rpm package

suse/tiff&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4

pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Vulnerabilities (70)

  • CVE-2016-3990HigSep 21, 2016
    affected < 3.8.2-141.168.1fixed 3.8.2-141.168.1

    Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.

  • CVE-2016-3945HigSep 21, 2016
    affected < 3.8.2-141.168.1fixed 3.8.2-141.168.1

    Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which trig

  • CVE-2016-3632HigSep 21, 2016
    affected < 3.8.2-141.169.9.1fixed 3.8.2-141.169.9.1

    The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.

  • CVE-2016-3186MedApr 19, 2016
    affected < 3.8.2-141.168.1fixed 3.8.2-141.168.1

    Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.

  • CVE-2014-9655MedApr 13, 2016
    affected < 3.8.2-141.160.1fixed 3.8.2-141.160.1

    The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

  • CVE-2015-8783MedFeb 1, 2016
    affected < 3.8.2-141.163.1fixed 3.8.2-141.163.1

    tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.

  • CVE-2015-8782MedFeb 1, 2016
    affected < 3.8.2-141.163.1fixed 3.8.2-141.163.1

    tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.

  • CVE-2015-8781MedFeb 1, 2016
    affected < 3.8.2-141.163.1fixed 3.8.2-141.163.1

    tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.

  • CVE-2015-8668CriJan 8, 2016
    affected < 3.8.2-141.169.16.1fixed 3.8.2-141.169.16.1

    Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.

  • CVE-2015-7554CriJan 8, 2016
    affected < 3.8.2-141.163.1fixed 3.8.2-141.163.1

    The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.

Page 4 of 4