rpm package
suse/tiff&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Vulnerabilities (54)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-22844 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Jan 8, 2022 | LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. |
| CVE-2020-19131 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Sep 7, 2021 | Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". |
| CVE-2020-35524 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Mar 9, 2021 | A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system ava |
| CVE-2020-35523 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Mar 9, 2021 | An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as s |
| CVE-2020-35522 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Mar 9, 2021 | In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. |
| CVE-2020-35521 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Mar 9, 2021 | A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. |
| CVE-2014-8128 | — | | | < 4.0.9-44.7.1 | 4.0.9-44.7.1 | Feb 12, 2020 | LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. |
| CVE-2019-17546 | — | | | < 4.0.9-44.45.1 | 4.0.9-44.45.1 | Oct 14, 2019 | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. |
| CVE-2017-16232 | — | | | < 4.0.9-44.7.1 | 4.0.9-44.7.1 | Mar 17, 2019 | LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue |
| CVE-2018-19210 | — | | | < 4.0.9-44.30.1 | 4.0.9-44.30.1 | Nov 12, 2018 | In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. |
| CVE-2018-18661 | — | | | < 4.0.9-44.27.1 | 4.0.9-44.27.1 | Oct 26, 2018 | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. |
| CVE-2018-18557 | — | | | < 4.0.9-44.27.1 | 4.0.9-44.27.1 | Oct 22, 2018 | LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads |
| CVE-2018-17795 | — | | | < 4.0.9-44.24.1 | 4.0.9-44.24.1 | Sep 30, 2018 | The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. |
| CVE-2018-17101 | — | | | < 4.0.9-44.24.1 | 4.0.9-44.24.1 | Sep 16, 2018 | An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. |
| CVE-2018-17100 | — | | | < 4.0.9-44.24.1 | 4.0.9-44.24.1 | Sep 16, 2018 | An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. |
| CVE-2018-16335 | — | | | < 4.0.9-44.24.1 | 4.0.9-44.24.1 | Sep 2, 2018 | newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tif |
| CVE-2018-12900 | — | | | < 4.0.9-44.27.1 | 4.0.9-44.27.1 | Jun 26, 2018 | Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attack |
| CVE-2018-10963 | — | | | < 4.0.9-44.15.2 | 4.0.9-44.15.2 | May 10, 2018 | The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. |
| CVE-2018-10779 | — | | | < 4.0.9-44.21.1 | 4.0.9-44.21.1 | May 7, 2018 | TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. |
| CVE-2018-8905 | — | | | < 4.0.9-44.15.2 | 4.0.9-44.15.2 | Mar 22, 2018 | In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. |
Page 1 of 3