VYPR

rpm package

suse/tiff&distro=SUSE Linux Enterprise Desktop 12

pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Vulnerabilities (6)

  • CVE-2014-8128Feb 12, 2020
    affected < 4.0.4-12.2fixed 4.0.4-12.2

    LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.

  • CVE-2014-8130MedMar 12, 2018
    affected < 4.0.4-12.2fixed 4.0.4-12.2

    The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.

  • CVE-2014-8129HigMar 12, 2018
    affected < 4.0.4-12.2fixed 4.0.4-12.2

    LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsi

  • CVE-2014-8127MedJun 26, 2017
    affected < 4.0.4-12.2fixed 4.0.4-12.2

    LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCI

  • CVE-2014-9655MedApr 13, 2016
    affected < 4.0.4-12.2fixed 4.0.4-12.2

    The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

  • CVE-2015-7554CriJan 8, 2016
    affected < 4.0.6-19.1fixed 4.0.6-19.1

    The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.