VYPR

Libtiff

by LibTIFF

CVEs (269)

  • CVE-2022-22844 (Jan 8, 2022)
    risk 0.00 | cvss | epss 0.01

    LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

  • CVE-2020-19144 (Sep 9, 2021)
    risk 0.00 | cvss | epss 0.02

    Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the '_TIFFmemcpy' function in the component 'tif_unix.c'.

  • CVE-2020-19143 (Sep 9, 2021)
    risk 0.00 | cvss | epss 0.01

    Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" function in the component 'libtiff/tif_dir.c'.

  • CVE-2020-19131 (Sep 7, 2021)
    risk 0.00 | cvss | epss 0.02

    Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".

  • CVE-2020-35524 (Mar 9, 2021)
    risk 0.00 | cvss | epss 0.02

    A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system…

  • CVE-2020-35523 (Mar 9, 2021)
    risk 0.00 | cvss | epss 0.02

    An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as…

  • CVE-2020-35522 (Mar 9, 2021)
    risk 0.00 | cvss | epss 0.02

    In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

  • CVE-2020-35521 (Mar 9, 2021)
    risk 0.00 | cvss | epss 0.01

    A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.

  • CVE-2014-8128 (Feb 12, 2020)
    risk 0.00 | cvss | epss 0.04

    LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.

  • CVE-2019-17546 (Oct 14, 2019)
    risk 0.00 | cvss | epss 0.03

    tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

  • CVE-2019-14973 (Aug 14, 2019)
    risk 0.00 | cvss | epss 0.04

    _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.

  • CVE-2017-16232 (Mar 17, 2019)
    risk 0.00 | cvss | epss 0.05

    LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.

  • CVE-2019-7663 (Feb 9, 2019)
    risk 0.00 | cvss | epss 0.03

    An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a…

  • CVE-2019-6128 (Jan 11, 2019)
    risk 0.00 | cvss | epss 0.04

    The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

  • CVE-2018-18661 (Oct 26, 2018)
    risk 0.00 | cvss | epss 0.03

    An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

  • CVE-2014-9330 (Jan 20, 2015)
    risk 0.00 | cvss | epss 0.04

    Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.

  • CVE-2013-4244 (Sep 28, 2013)
    risk 0.00 | cvss | epss 0.03

    The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.

  • CVE-2013-4232 (Sep 10, 2013)
    risk 0.00 | cvss | epss 0.05

    Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.

  • CVE-2013-1961 (Jul 3, 2013)
    risk 0.00 | cvss | epss 0.06

    Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.

  • CVE-2012-5581 (Jan 4, 2013)
    risk 0.00 | cvss | epss 0.04

    Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.