rpm package
suse/tiff&distro=SUSE Linux Enterprise Server 12 SP3-BCL
pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3970 | — | | | < 4.0.9-44.59.1 | 4.0.9-44.59.1 | Nov 13, 2022 | A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed t |
| CVE-2022-3627 | — | | | < 4.0.9-44.59.1 | 4.0.9-44.59.1 | Oct 21, 2022 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availabl |
| CVE-2022-3626 | — | | | < 4.0.9-44.59.1 | 4.0.9-44.59.1 | Oct 21, 2022 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availa |
| CVE-2022-3599 | — | | | < 4.0.9-44.59.1 | 4.0.9-44.59.1 | Oct 21, 2022 | LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. |
| CVE-2022-3597 | — | | | < 4.0.9-44.59.1 | 4.0.9-44.59.1 | Oct 21, 2022 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is availabl |
| CVE-2022-2521 | — | | | < 4.0.9-44.56.1 | 4.0.9-44.56.1 | Aug 31, 2022 | It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. |
| CVE-2022-2520 | — | | | < 4.0.9-44.56.1 | 4.0.9-44.56.1 | Aug 31, 2022 | A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. |
| CVE-2022-2519 | — | | | < 4.0.9-44.56.1 | 4.0.9-44.56.1 | Aug 31, 2022 | There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 |
| CVE-2022-2869 | — | | | < 4.0.9-44.56.1 | 4.0.9-44.56.1 | Aug 17, 2022 | libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with ti |
| CVE-2022-2868 | — | | | < 4.0.9-44.56.1 | 4.0.9-44.56.1 | Aug 17, 2022 | libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. |
| CVE-2022-2867 | — | | | < 4.0.9-44.56.1 | 4.0.9-44.56.1 | Aug 17, 2022 | libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploita |
| CVE-2022-34526 | — | | | < 4.0.9-44.56.1 | 4.0.9-44.56.1 | Jul 29, 2022 | A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. |
| CVE-2022-34266 | — | | | < 4.0.9-44.56.1 | 4.0.9-44.56.1 | Jul 19, 2022 | The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset |
| CVE-2022-0561 | — | | | < 4.0.9-44.56.1 | 4.0.9-44.56.1 | Feb 11, 2022 | Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commi |
| CVE-2022-22844 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Jan 8, 2022 | LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. |
| CVE-2020-19131 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Sep 7, 2021 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". |
| CVE-2020-35524 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Mar 9, 2021 | A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system ava |
| CVE-2020-35523 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Mar 9, 2021 | An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as s |
| CVE-2020-35522 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Mar 9, 2021 | In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. |
| CVE-2020-35521 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Mar 9, 2021 | A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. |
Page 1 of 2