VYPR

Libtiff

by LibTIFF

CVEs (269)

  • CVE-2018-17100 | High | Sep 16, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.

  • CVE-2018-16335 | High | Sep 2, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by…

  • CVE-2018-8905 | High | Mar 22, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.

  • CVE-2018-5360 | High | Jan 14, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

  • CVE-2017-17973 | High | Dec 29, 2017
    risk 0.57 | cvss 8.8 | epss 0.03

    In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue

  • CVE-2017-17942 | High | Dec 28, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.

  • CVE-2017-11335 | High | Jul 17, 2017
    risk 0.57 | cvss 8.8 | epss 0.04

    There is a heap-based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes an out-of-bounds write of more than one hundred bytes (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service…

  • CVE-2017-5563 | High | Jan 23, 2017
    risk 0.57 | cvss 8.8 | epss 0.03

    LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

  • CVE-2016-3621 | High | Oct 3, 2016
    risk 0.57 | cvss 8.8 | epss 0.02

    The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

  • CVE-2016-8331 | High | Oct 28, 2016
    risk 0.53 | cvss 8.1 | epss 0.07

    An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered…

  • CVE-2017-10688 | High | Jun 29, 2017
    risk 0.52 | cvss 7.5 | epss 0.07

    In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.

  • CVE-2026-4775 | High | Mar 24, 2026
    risk 0.51 | cvss 7.8 | epss 0.01

    A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer…

  • CVE-2016-5314 | High | Mar 12, 2018
    risk 0.51 | cvss 8.8 | epss 0.05

    Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the…

  • CVE-2017-7602 | High | Apr 9, 2017
    risk 0.51 | cvss 7.8 | epss 0.03

    LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7601 | High | Apr 9, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7600 | High | Apr 9, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7599 | High | Apr 9, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7598 | High | Apr 9, 2017
    risk 0.51 | cvss 7.8 | epss 0.03

    tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

  • CVE-2017-7597 | High | Apr 9, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7596 | High | Apr 9, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

Page 2 of 14