rpm package

suse/tiff&distro=SUSE Linux Enterprise Module for Desktop Applications 15

pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015

Vulnerabilities (22)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-7663		—	< 4.0.9-5.27.5	4.0.9-5.27.5	Feb 9, 2019	An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a c
CVE-2019-6128		—	< 4.0.9-5.27.5	4.0.9-5.27.5	Jan 11, 2019	The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2018-19210		—	< 4.0.9-5.20.1	4.0.9-5.20.1	Nov 12, 2018	In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
CVE-2018-18661		—	< 4.0.9-5.17.1	4.0.9-5.17.1	Oct 26, 2018	An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
CVE-2018-18557		—	< 4.0.9-5.17.1	4.0.9-5.17.1	Oct 22, 2018	LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads
CVE-2018-17795		—	< 4.0.9-5.14.1	4.0.9-5.14.1	Sep 30, 2018	The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
CVE-2018-17101		—	< 4.0.9-5.14.1	4.0.9-5.14.1	Sep 16, 2018	An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
CVE-2018-17100		—	< 4.0.9-5.14.1	4.0.9-5.14.1	Sep 16, 2018	An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
CVE-2018-17000		—	< 4.0.9-5.27.5	4.0.9-5.27.5	Sep 13, 2018	A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.
CVE-2018-16335		—	< 4.0.9-5.14.1	4.0.9-5.14.1	Sep 2, 2018	newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tif
CVE-2018-12900		—	< 4.0.9-5.17.1	4.0.9-5.17.1	Jun 26, 2018	Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attack
CVE-2018-10963		—	< 4.0.9-5.9.1	4.0.9-5.9.1	May 10, 2018	The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
CVE-2018-10779		—	< 4.0.9-5.14.1	4.0.9-5.14.1	May 7, 2018	TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
CVE-2018-8905		—	< 4.0.9-5.9.1	4.0.9-5.9.1	Mar 22, 2018	In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVE-2018-7456		—	< 4.0.9-5.9.1	4.0.9-5.9.1	Feb 24, 2018	A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the t
CVE-2017-18013		—	< 4.0.9-5.9.1	4.0.9-5.9.1	Jan 1, 2018	In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVE-2017-12944	Hig	7.5	< 4.0.9-5.20.1	4.0.9-5.20.1	Aug 18, 2017	The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff
CVE-2017-11613	Med	6.5	< 4.0.9-5.9.1	4.0.9-5.9.1	Jul 26, 2017	In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In
CVE-2016-10094	Hig	7.8	< 4.0.9-5.20.1	4.0.9-5.20.1	Mar 1, 2017	Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.
CVE-2016-10093	Hig	7.8	< 4.0.9-5.20.1	4.0.9-5.20.1	Mar 1, 2017	Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which t

CVE-2019-7663Feb 9, 2019
affected < 4.0.9-5.27.5fixed 4.0.9-5.27.5
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a c
CVE-2019-6128Jan 11, 2019
affected < 4.0.9-5.27.5fixed 4.0.9-5.27.5
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2018-19210Nov 12, 2018
affected < 4.0.9-5.20.1fixed 4.0.9-5.20.1
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
CVE-2018-18661Oct 26, 2018
affected < 4.0.9-5.17.1fixed 4.0.9-5.17.1
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
CVE-2018-18557Oct 22, 2018
affected < 4.0.9-5.17.1fixed 4.0.9-5.17.1
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads
CVE-2018-17795Sep 30, 2018
affected < 4.0.9-5.14.1fixed 4.0.9-5.14.1
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
CVE-2018-17101Sep 16, 2018
affected < 4.0.9-5.14.1fixed 4.0.9-5.14.1
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
CVE-2018-17100Sep 16, 2018
affected < 4.0.9-5.14.1fixed 4.0.9-5.14.1
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
CVE-2018-17000Sep 13, 2018
affected < 4.0.9-5.27.5fixed 4.0.9-5.27.5
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.
CVE-2018-16335Sep 2, 2018
affected < 4.0.9-5.14.1fixed 4.0.9-5.14.1
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tif
CVE-2018-12900Jun 26, 2018
affected < 4.0.9-5.17.1fixed 4.0.9-5.17.1
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attack
CVE-2018-10963May 10, 2018
affected < 4.0.9-5.9.1fixed 4.0.9-5.9.1
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
CVE-2018-10779May 7, 2018
affected < 4.0.9-5.14.1fixed 4.0.9-5.14.1
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
CVE-2018-8905Mar 22, 2018
affected < 4.0.9-5.9.1fixed 4.0.9-5.9.1
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVE-2018-7456Feb 24, 2018
affected < 4.0.9-5.9.1fixed 4.0.9-5.9.1
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the t
CVE-2017-18013Jan 1, 2018
affected < 4.0.9-5.9.1fixed 4.0.9-5.9.1
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVE-2017-12944HigAug 18, 2017
affected < 4.0.9-5.20.1fixed 4.0.9-5.20.1
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff
CVE-2017-11613MedJul 26, 2017
affected < 4.0.9-5.9.1fixed 4.0.9-5.9.1
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In
CVE-2016-10094HigMar 1, 2017
affected < 4.0.9-5.20.1fixed 4.0.9-5.20.1
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.
CVE-2016-10093HigMar 1, 2017
affected < 4.0.9-5.20.1fixed 4.0.9-5.20.1
Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which t

Page 1 of 2