rpm package

suse/tiff&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (70)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2014-8128		—	< 3.8.2-141.160.1	3.8.2-141.160.1	Feb 12, 2020	LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
CVE-2019-6128		—	< 3.8.2-141.169.31.1	3.8.2-141.169.31.1	Jan 11, 2019	The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2018-18661		—	< 3.8.2-141.169.22.1	3.8.2-141.169.22.1	Oct 26, 2018	An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
CVE-2018-17795		—	< 3.8.2-141.169.19.1	3.8.2-141.169.19.1	Sep 30, 2018	The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
CVE-2018-17101		—	< 3.8.2-141.169.19.1	3.8.2-141.169.19.1	Sep 16, 2018	An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
CVE-2018-17100		—	< 3.8.2-141.169.19.1	3.8.2-141.169.19.1	Sep 16, 2018	An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
CVE-2018-16335		—	< 3.8.2-141.169.19.1	3.8.2-141.169.19.1	Sep 2, 2018	newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tif
CVE-2018-12900		—	< 3.8.2-141.169.22.1	3.8.2-141.169.22.1	Jun 26, 2018	Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attack
CVE-2018-10779		—	< 3.8.2-141.169.16.1	3.8.2-141.169.16.1	May 7, 2018	TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
CVE-2018-8905		—	< 3.8.2-141.169.9.1	3.8.2-141.169.9.1	Mar 22, 2018	In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVE-2016-5314		—	< 3.8.2-141.168.1	3.8.2-141.168.1	Mar 12, 2018	Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent
CVE-2014-8130		—	< 3.8.2-141.160.1	3.8.2-141.160.1	Mar 12, 2018	The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.
CVE-2014-8129		—	< 3.8.2-141.160.1	3.8.2-141.160.1	Mar 12, 2018	LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsi
CVE-2018-7456		—	< 3.8.2-141.169.9.1	3.8.2-141.169.9.1	Feb 24, 2018	A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the t
CVE-2017-18013		—	< 3.8.2-141.169.6.1	3.8.2-141.169.6.1	Jan 1, 2018	In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVE-2017-17973	Hig	8.8	< 3.8.2-141.169.3.1	3.8.2-141.169.3.1	Dec 29, 2017	In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue
CVE-2017-17942	Hig	8.8	< 3.8.2-141.169.16.1	3.8.2-141.169.16.1	Dec 28, 2017	In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
CVE-2017-11613	Med	6.5	< 3.8.2-141.169.9.1	3.8.2-141.169.9.1	Jul 26, 2017	In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In
CVE-2017-11335	Hig	8.8	< 3.8.2-141.169.3.1	3.8.2-141.169.3.1	Jul 17, 2017	There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service atta
CVE-2014-8127	Med	6.5	< 3.8.2-141.160.1	3.8.2-141.160.1	Jun 26, 2017	LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCI

CVE-2014-8128Feb 12, 2020
affected < 3.8.2-141.160.1fixed 3.8.2-141.160.1
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
CVE-2019-6128Jan 11, 2019
affected < 3.8.2-141.169.31.1fixed 3.8.2-141.169.31.1
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2018-18661Oct 26, 2018
affected < 3.8.2-141.169.22.1fixed 3.8.2-141.169.22.1
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
CVE-2018-17795Sep 30, 2018
affected < 3.8.2-141.169.19.1fixed 3.8.2-141.169.19.1
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
CVE-2018-17101Sep 16, 2018
affected < 3.8.2-141.169.19.1fixed 3.8.2-141.169.19.1
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
CVE-2018-17100Sep 16, 2018
affected < 3.8.2-141.169.19.1fixed 3.8.2-141.169.19.1
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
CVE-2018-16335Sep 2, 2018
affected < 3.8.2-141.169.19.1fixed 3.8.2-141.169.19.1
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tif
CVE-2018-12900Jun 26, 2018
affected < 3.8.2-141.169.22.1fixed 3.8.2-141.169.22.1
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attack
CVE-2018-10779May 7, 2018
affected < 3.8.2-141.169.16.1fixed 3.8.2-141.169.16.1
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
CVE-2018-8905Mar 22, 2018
affected < 3.8.2-141.169.9.1fixed 3.8.2-141.169.9.1
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVE-2016-5314Mar 12, 2018
affected < 3.8.2-141.168.1fixed 3.8.2-141.168.1
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent
CVE-2014-8130Mar 12, 2018
affected < 3.8.2-141.160.1fixed 3.8.2-141.160.1
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.
CVE-2014-8129Mar 12, 2018
affected < 3.8.2-141.160.1fixed 3.8.2-141.160.1
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsi
CVE-2018-7456Feb 24, 2018
affected < 3.8.2-141.169.9.1fixed 3.8.2-141.169.9.1
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the t
CVE-2017-18013Jan 1, 2018
affected < 3.8.2-141.169.6.1fixed 3.8.2-141.169.6.1
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVE-2017-17973HigDec 29, 2017
affected < 3.8.2-141.169.3.1fixed 3.8.2-141.169.3.1
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue
CVE-2017-17942HigDec 28, 2017
affected < 3.8.2-141.169.16.1fixed 3.8.2-141.169.16.1
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
CVE-2017-11613MedJul 26, 2017
affected < 3.8.2-141.169.9.1fixed 3.8.2-141.169.9.1
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In
CVE-2017-11335HigJul 17, 2017
affected < 3.8.2-141.169.3.1fixed 3.8.2-141.169.3.1
There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service atta
CVE-2014-8127MedJun 26, 2017
affected < 3.8.2-141.160.1fixed 3.8.2-141.160.1
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCI

Page 1 of 4