VYPR

rpm package

suse/tiff&distro=HPE Helion OpenStack 8

pkg:rpm/suse/tiff&distro=HPE%20Helion%20OpenStack%208

Vulnerabilities (8)

  • CVE-2022-22844Jan 8, 2022
    affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1

    LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

  • CVE-2020-19131Sep 7, 2021
    affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1

    Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".

  • CVE-2020-35524Mar 9, 2021
    affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1

    A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system ava

  • CVE-2020-35523Mar 9, 2021
    affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1

    An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as s

  • CVE-2020-35522Mar 9, 2021
    affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1

    In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

  • CVE-2020-35521Mar 9, 2021
    affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1

    A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.

  • CVE-2019-17546Oct 14, 2019
    affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1

    tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

  • CVE-2017-17095HigDec 2, 2017
    affected < 4.0.9-44.45.1fixed 4.0.9-44.45.1

    tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.