rpm package
suse/tiff&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3623 | Hig | 7.5 | < 4.0.6-31.1 | 4.0.6-31.1 | Oct 3, 2016 | The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. | |
| CVE-2016-3622 | Med | 6.5 | < 4.0.6-31.1 | 4.0.6-31.1 | Oct 3, 2016 | The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. | |
| CVE-2016-3991 | Hig | 7.8 | < 4.0.6-31.1 | 4.0.6-31.1 | Sep 21, 2016 | Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. | |
| CVE-2016-3990 | Hig | 7.8 | < 4.0.6-31.1 | 4.0.6-31.1 | Sep 21, 2016 | Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. | |
| CVE-2016-3945 | Hig | 7.8 | < 4.0.6-31.1 | 4.0.6-31.1 | Sep 21, 2016 | Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which trig | |
| CVE-2016-3186 | Med | 6.2 | < 4.0.6-26.3 | 4.0.6-26.3 | Apr 19, 2016 | Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. | |
| CVE-2015-8783 | Med | 6.5 | < 4.0.6-26.3 | 4.0.6-26.3 | Feb 1, 2016 | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. | |
| CVE-2015-8782 | Med | 6.5 | < 4.0.6-26.3 | 4.0.6-26.3 | Feb 1, 2016 | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. | |
| CVE-2015-8781 | Med | 6.5 | < 4.0.6-26.3 | 4.0.6-26.3 | Feb 1, 2016 | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. | |
| CVE-2015-7554 | Cri | 9.8 | < 4.0.6-19.1 | 4.0.6-19.1 | Jan 8, 2016 | The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. |
- affected < 4.0.6-31.1fixed 4.0.6-31.1
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.
- affected < 4.0.6-31.1fixed 4.0.6-31.1
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.
- affected < 4.0.6-31.1fixed 4.0.6-31.1
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
- affected < 4.0.6-31.1fixed 4.0.6-31.1
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
- affected < 4.0.6-31.1fixed 4.0.6-31.1
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which trig
- affected < 4.0.6-26.3fixed 4.0.6-26.3
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
- affected < 4.0.6-26.3fixed 4.0.6-26.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
- affected < 4.0.6-26.3fixed 4.0.6-26.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
- affected < 4.0.6-26.3fixed 4.0.6-26.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
- affected < 4.0.6-19.1fixed 4.0.6-19.1
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
Page 2 of 2