rpm package

suse/tiff&distro=SUSE Linux Enterprise Server 12 SP2

pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2

Vulnerabilities (37)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2014-8128		—	< 4.0.9-44.7.1	4.0.9-44.7.1	Feb 12, 2020	LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
CVE-2017-16232		—	< 4.0.9-44.7.1	4.0.9-44.7.1	Mar 17, 2019	LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue
CVE-2014-8127	Med	6.5	< 4.0.7-35.1	4.0.7-35.1	Jun 26, 2017	LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCI
CVE-2017-9404	Med	6.5	< 4.0.8-44.3.1	4.0.8-44.3.1	Jun 2, 2017	In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9403	Med	6.5	< 4.0.8-44.3.1	4.0.8-44.3.1	Jun 2, 2017	In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2016-10371	Med	5.5	< 4.0.8-44.3.1	4.0.8-44.3.1	May 10, 2017	The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
CVE-2017-7602	Hig	7.8	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7601	Hig	7.8	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7600	Hig	7.8	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7599	Hig	7.8	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7598	Hig	7.8	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7597	Hig	7.8	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7596	Hig	7.8	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7595	Med	5.5	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7594	Med	5.5	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
CVE-2017-7593	Med	5.5	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
CVE-2017-7592	Hig	7.8	< 4.0.8-44.3.1	4.0.8-44.3.1	Apr 9, 2017	The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2016-10272	Hig	7.8	< 4.0.7-43.1	4.0.7-43.1	Mar 24, 2017	LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
CVE-2016-10271	Hig	7.8	< 4.0.7-43.1	4.0.7-43.1	Mar 24, 2017	tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.
CVE-2016-10270	Hig	7.8	< 4.0.7-43.1	4.0.7-43.1	Mar 24, 2017	LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.

CVE-2014-8128Feb 12, 2020
affected < 4.0.9-44.7.1fixed 4.0.9-44.7.1
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
CVE-2017-16232Mar 17, 2019
affected < 4.0.9-44.7.1fixed 4.0.9-44.7.1
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue
CVE-2014-8127MedJun 26, 2017
affected < 4.0.7-35.1fixed 4.0.7-35.1
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCI
CVE-2017-9404MedJun 2, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9403MedJun 2, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2016-10371MedMay 10, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
CVE-2017-7602HigApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7601HigApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7600HigApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7599HigApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7598HigApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7597HigApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7596HigApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7595MedApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7594MedApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
CVE-2017-7593MedApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
CVE-2017-7592HigApr 9, 2017
affected < 4.0.8-44.3.1fixed 4.0.8-44.3.1
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2016-10272HigMar 24, 2017
affected < 4.0.7-43.1fixed 4.0.7-43.1
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
CVE-2016-10271HigMar 24, 2017
affected < 4.0.7-43.1fixed 4.0.7-43.1
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.
CVE-2016-10270HigMar 24, 2017
affected < 4.0.7-43.1fixed 4.0.7-43.1
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.

Page 1 of 2