rpm package
suse/tiff&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (62)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61144 | — | | | < 4.0.9-150000.45.63.1 | 4.0.9-150000.45.63.1 | Feb 23, 2026 | libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. |
| CVE-2025-61143 | — | | | < 4.0.9-150000.45.63.1 | 4.0.9-150000.45.63.1 | Feb 23, 2026 | libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c. |
| CVE-2025-9900 | Hig | 8.8 | | < 4.0.9-150000.45.60.1 | 4.0.9-150000.45.60.1 | Sep 23, 2025 | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing |
| CVE-2025-9165 | Low | 2.5 | | < 4.0.9-150000.45.55.1 | 4.0.9-150000.45.55.1 | Aug 19, 2025 | A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This |
| CVE-2025-8961 | Low | 3.3 | | < 4.0.9-150000.45.55.1 | 4.0.9-150000.45.55.1 | Aug 14, 2025 | A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and c |
| CVE-2025-8534 | Low | 2.5 | | < 4.0.9-150000.45.55.1 | 4.0.9-150000.45.55.1 | Aug 5, 2025 | A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local hos |
| CVE-2025-8176 | Med | 5.3 | | < 4.0.9-150000.45.50.1 | 4.0.9-150000.45.50.1 | Jul 26, 2025 | A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disc |
| CVE-2025-8177 | — | | | < 4.0.9-150000.45.50.1 | 4.0.9-150000.45.50.1 | Jul 26, 2025 | A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58 |
| CVE-2024-7006 | — | | | < 4.0.9-150000.45.47.1 | 4.0.9-150000.45.47.1 | Aug 8, 2024 | A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an app |
| CVE-2023-52356 | Hig | 7.5 | | < 4.0.9-150000.45.38.1 | 4.0.9-150000.45.38.1 | Jan 25, 2024 | A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. |
| CVE-2023-3164 | — | | | < 4.0.9-150000.45.44.1 | 4.0.9-150000.45.44.1 | Nov 2, 2023 | A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. |
| CVE-2023-41175 | — | | | < 4.0.9-150000.45.41.1 | 4.0.9-150000.45.41.1 | Oct 5, 2023 | A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. |
| CVE-2023-40745 | — | | | < 4.0.9-150000.45.41.1 | 4.0.9-150000.45.41.1 | Oct 5, 2023 | LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. |
| CVE-2023-3576 | — | | | < 4.0.9-150000.45.32.1 | 4.0.9-150000.45.32.1 | Oct 4, 2023 | A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually l |
| CVE-2022-40090 | — | | | < 4.0.9-150000.45.35.1 | 4.0.9-150000.45.35.1 | Aug 22, 2023 | An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. |
| CVE-2020-18768 | — | | | < 4.0.9-150000.45.32.1 | 4.0.9-150000.45.32.1 | Aug 22, 2023 | There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. |
| CVE-2023-3618 | — | | | < 4.0.9-150000.45.32.1 | 4.0.9-150000.45.32.1 | Jul 12, 2023 | A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. |
| CVE-2023-2908 | — | | | < 4.0.9-150000.45.32.1 | 4.0.9-150000.45.32.1 | Jun 30, 2023 | A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually lea |
| CVE-2023-26966 | — | | | < 4.0.9-150000.45.32.1 | 4.0.9-150000.45.32.1 | Jun 29, 2023 | libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. |
| CVE-2023-25433 | — | | | < 4.0.9-150000.45.32.1 | 4.0.9-150000.45.32.1 | Jun 29, 2023 | libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. |
Page 1 of 4