VYPR

rpm package

suse/tiff&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (70)

  • CVE-2016-10092HigMar 1, 2017
    affected < 3.8.2-141.169.26.1fixed 3.8.2-141.169.26.1

    Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to hav

  • CVE-2016-5102MedFeb 6, 2017
    affected < 3.8.2-141.169.31.1fixed 3.8.2-141.169.31.1

    Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.

  • CVE-2016-9453HigJan 27, 2017
    affected < 3.8.2-141.169.3.1fixed 3.8.2-141.169.3.1

    The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.

  • CVE-2016-5319MedJan 20, 2017
    affected < 3.8.2-141.169.16.1fixed 3.8.2-141.169.16.1

    Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.

  • CVE-2016-5318MedJan 20, 2017
    affected < 3.8.2-141.169.3.1fixed 3.8.2-141.169.3.1

    Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.

  • CVE-2016-5317MedJan 20, 2017
    affected < 3.8.2-141.168.1fixed 3.8.2-141.168.1

    Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.

  • CVE-2016-5316MedJan 20, 2017
    affected < 3.8.2-141.168.1fixed 3.8.2-141.168.1

    Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.

  • CVE-2016-9273MedJan 18, 2017
    affected < 3.8.2-141.169.22.1fixed 3.8.2-141.169.22.1

    tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.

  • CVE-2017-5225HigJan 12, 2017
    affected < 3.8.2-141.169.9.1fixed 3.8.2-141.169.9.1

    LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

  • CVE-2016-5652HigJan 6, 2017
    affected < 3.8.2-141.169.3.1fixed 3.8.2-141.169.3.1

    An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other

  • CVE-2015-8870HigDec 6, 2016
    affected < 3.8.2-141.169.22.1fixed 3.8.2-141.169.22.1

    Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.

  • CVE-2016-9540CriNov 22, 2016
    affected < 3.8.2-141.169.9.1fixed 3.8.2-141.169.9.1

    tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."

  • CVE-2016-9536CriNov 22, 2016
    affected < 3.8.2-141.169.3.1fixed 3.8.2-141.169.3.1

    tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."

  • CVE-2016-9535CriNov 22, 2016
    affected < 3.8.2-141.169.9.1fixed 3.8.2-141.169.9.1

    tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

  • CVE-2016-8331HigOct 28, 2016
    affected < 3.8.2-141.169.9.1fixed 3.8.2-141.169.9.1

    An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered

  • CVE-2016-3623HigOct 3, 2016
    affected < 3.8.2-141.168.1fixed 3.8.2-141.168.1

    The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.

  • CVE-2016-3622MedOct 3, 2016
    affected < 3.8.2-141.168.1fixed 3.8.2-141.168.1

    The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.

  • CVE-2016-3621HigOct 3, 2016
    affected < 3.8.2-141.169.22.1fixed 3.8.2-141.169.22.1

    The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

  • CVE-2016-3620HigOct 3, 2016
    affected < 3.8.2-141.169.22.1fixed 3.8.2-141.169.22.1

    The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

  • CVE-2016-3619MedOct 3, 2016
    affected < 3.8.2-141.169.22.1fixed 3.8.2-141.169.22.1

    The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.