rpm package
suse/tiff&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
Vulnerabilities (46)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-8128 | — | < 4.0.9-44.7.1 | 4.0.9-44.7.1 | Feb 12, 2020 | LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. | ||
| CVE-2017-16232 | — | < 4.0.9-44.7.1 | 4.0.9-44.7.1 | Mar 17, 2019 | LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue | ||
| CVE-2018-19210 | — | < 4.0.9-44.30.1 | 4.0.9-44.30.1 | Nov 12, 2018 | In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. | ||
| CVE-2018-18661 | — | < 4.0.9-44.27.1 | 4.0.9-44.27.1 | Oct 26, 2018 | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. | ||
| CVE-2018-18557 | — | < 4.0.9-44.27.1 | 4.0.9-44.27.1 | Oct 22, 2018 | LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads | ||
| CVE-2018-17795 | — | < 4.0.9-44.24.1 | 4.0.9-44.24.1 | Sep 30, 2018 | The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. | ||
| CVE-2018-17101 | — | < 4.0.9-44.24.1 | 4.0.9-44.24.1 | Sep 16, 2018 | An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | ||
| CVE-2018-17100 | — | < 4.0.9-44.24.1 | 4.0.9-44.24.1 | Sep 16, 2018 | An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. | ||
| CVE-2018-16335 | — | < 4.0.9-44.24.1 | 4.0.9-44.24.1 | Sep 2, 2018 | newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tif | ||
| CVE-2018-12900 | — | < 4.0.9-44.27.1 | 4.0.9-44.27.1 | Jun 26, 2018 | Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attack | ||
| CVE-2018-10963 | — | < 4.0.9-44.15.2 | 4.0.9-44.15.2 | May 10, 2018 | The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | ||
| CVE-2018-10779 | — | < 4.0.9-44.21.1 | 4.0.9-44.21.1 | May 7, 2018 | TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. | ||
| CVE-2018-8905 | — | < 4.0.9-44.15.2 | 4.0.9-44.15.2 | Mar 22, 2018 | In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. | ||
| CVE-2018-7456 | — | < 4.0.9-44.15.2 | 4.0.9-44.15.2 | Feb 24, 2018 | A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the t | ||
| CVE-2018-5784 | — | < 4.0.9-44.10.1 | 4.0.9-44.10.1 | Jan 19, 2018 | In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is n | ||
| CVE-2017-18013 | — | < 4.0.9-44.15.2 | 4.0.9-44.15.2 | Jan 1, 2018 | In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. | ||
| CVE-2017-17973 | Hig | 8.8 | < 4.0.9-44.10.1 | 4.0.9-44.10.1 | Dec 29, 2017 | In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue | |
| CVE-2017-17942 | Hig | 8.8 | < 4.0.9-44.21.1 | 4.0.9-44.21.1 | Dec 28, 2017 | In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. | |
| CVE-2017-13726 | Med | 6.5 | < 4.0.9-44.15.2 | 4.0.9-44.15.2 | Aug 29, 2017 | There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-12944 | Hig | 7.5 | < 4.0.9-44.30.1 | 4.0.9-44.30.1 | Aug 18, 2017 | The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff |
- CVE-2014-8128Feb 12, 2020affected < 4.0.9-44.7.1fixed 4.0.9-44.7.1
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
- CVE-2017-16232Mar 17, 2019affected < 4.0.9-44.7.1fixed 4.0.9-44.7.1
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue
- CVE-2018-19210Nov 12, 2018affected < 4.0.9-44.30.1fixed 4.0.9-44.30.1
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
- CVE-2018-18661Oct 26, 2018affected < 4.0.9-44.27.1fixed 4.0.9-44.27.1
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
- CVE-2018-18557Oct 22, 2018affected < 4.0.9-44.27.1fixed 4.0.9-44.27.1
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads
- CVE-2018-17795Sep 30, 2018affected < 4.0.9-44.24.1fixed 4.0.9-44.24.1
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
- CVE-2018-17101Sep 16, 2018affected < 4.0.9-44.24.1fixed 4.0.9-44.24.1
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
- CVE-2018-17100Sep 16, 2018affected < 4.0.9-44.24.1fixed 4.0.9-44.24.1
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
- CVE-2018-16335Sep 2, 2018affected < 4.0.9-44.24.1fixed 4.0.9-44.24.1
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tif
- CVE-2018-12900Jun 26, 2018affected < 4.0.9-44.27.1fixed 4.0.9-44.27.1
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attack
- CVE-2018-10963May 10, 2018affected < 4.0.9-44.15.2fixed 4.0.9-44.15.2
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
- CVE-2018-10779May 7, 2018affected < 4.0.9-44.21.1fixed 4.0.9-44.21.1
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
- CVE-2018-8905Mar 22, 2018affected < 4.0.9-44.15.2fixed 4.0.9-44.15.2
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
- CVE-2018-7456Feb 24, 2018affected < 4.0.9-44.15.2fixed 4.0.9-44.15.2
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the t
- CVE-2018-5784Jan 19, 2018affected < 4.0.9-44.10.1fixed 4.0.9-44.10.1
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is n
- CVE-2017-18013Jan 1, 2018affected < 4.0.9-44.15.2fixed 4.0.9-44.15.2
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
- affected < 4.0.9-44.10.1fixed 4.0.9-44.10.1
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue
- affected < 4.0.9-44.21.1fixed 4.0.9-44.21.1
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
- affected < 4.0.9-44.15.2fixed 4.0.9-44.15.2
There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
- affected < 4.0.9-44.30.1fixed 4.0.9-44.30.1
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff
Page 1 of 3