VYPR

Vendor CVEs

LibTIFF

All CVEs

269 total · sorted by risk
  • CVE-2015-8668CriJan 8, 2016
    risk 0.65cvss 9.8epss 0.14

    Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.

  • CVE-2016-9540CriNov 22, 2016
    risk 0.64cvss 9.8epss 0.04

    tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."

  • CVE-2016-9539CriNov 22, 2016
    risk 0.64cvss 9.8epss 0.03

    tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.

  • CVE-2016-9538CriNov 22, 2016
    risk 0.64cvss 9.8epss 0.03

    tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.

  • CVE-2016-9537CriNov 22, 2016
    risk 0.64cvss 9.8epss 0.03

    tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.

  • CVE-2016-9536CriNov 22, 2016
    risk 0.64cvss 9.8epss 0.03

    tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."

  • CVE-2016-9535CriNov 22, 2016
    risk 0.64cvss 9.8epss 0.05

    tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

  • CVE-2016-9534CriNov 22, 2016
    risk 0.64cvss 9.8epss 0.04

    tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."

  • CVE-2016-9533CriNov 22, 2016
    risk 0.64cvss 9.8epss 0.03

    tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."

  • CVE-2015-7554CriJan 8, 2016
    risk 0.64cvss 9.8epss 0.04

    The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.

  • CVE-2017-17095HigDec 2, 2017
    risk 0.61cvss 8.8epss 0.11

    tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.

  • CVE-2018-12900HigJun 26, 2018
    risk 0.59cvss 8.8epss 0.25

    Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote…

  • CVE-2016-6223CriJan 23, 2017
    risk 0.59cvss 9.1epss 0.03

    The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.

  • CVE-2018-17795HigSep 30, 2018
    risk 0.58cvss 8.8epss 0.04

    The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.

  • CVE-2018-15209HigAug 8, 2018
    risk 0.58cvss 8.8epss 0.04

    ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

  • CVE-2014-8129HigMar 12, 2018
    risk 0.58cvss 8.8epss 0.04

    LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the…

  • CVE-2017-9935HigJun 26, 2017
    risk 0.58cvss 8.8epss 0.04

    In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or…

  • CVE-2017-5225HigJan 12, 2017
    risk 0.58cvss 8.8epss 0.04

    LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

  • CVE-2025-9900HigSep 23, 2025
    risk 0.57cvss 8.8epss 0.01

    A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into…

  • CVE-2018-17101HigSep 16, 2018
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

  • CVE-2018-17100HigSep 16, 2018
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.

  • CVE-2018-16335HigSep 2, 2018
    risk 0.57cvss 8.8epss 0.03

    newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by…

  • CVE-2018-8905HigMar 22, 2018
    risk 0.57cvss 8.8epss 0.03

    In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.

  • CVE-2018-5360HigJan 14, 2018
    risk 0.57cvss 8.8epss 0.02

    LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

  • CVE-2017-17973HigDec 29, 2017
    risk 0.57cvss 8.8epss 0.03

    In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue

  • CVE-2017-17942HigDec 28, 2017
    risk 0.57cvss 8.8epss 0.02

    In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.

  • CVE-2017-11335HigJul 17, 2017
    risk 0.57cvss 8.8epss 0.04

    There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service…

  • CVE-2017-5563HigJan 23, 2017
    risk 0.57cvss 8.8epss 0.03

    LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

  • CVE-2016-3621HigOct 3, 2016
    risk 0.57cvss 8.8epss 0.02

    The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.

  • CVE-2016-8331HigOct 28, 2016
    risk 0.53cvss 8.1epss 0.07

    An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered…

  • CVE-2017-10688HigJun 29, 2017
    risk 0.52cvss 7.5epss 0.07

    In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.

  • CVE-2026-4775HigMar 24, 2026
    risk 0.51cvss 7.8epss 0.01

    A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer…

  • CVE-2016-5314HigMar 12, 2018
    risk 0.51cvss 8.8epss 0.05

    Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the…

  • CVE-2017-7602HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.03

    LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7601HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.02

    LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7600HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.01

    LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7599HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.02

    LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7598HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.03

    tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

  • CVE-2017-7597HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.02

    tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7596HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.02

    LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7592HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.02

    The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2016-9453HigJan 27, 2017
    risk 0.51cvss 7.8epss 0.03

    The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.

  • CVE-2016-3991HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.04

    Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.

  • CVE-2016-3990HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.04

    Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.

  • CVE-2016-3945HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.03

    Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which…

  • CVE-2016-3632HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.03

    The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.

  • CVE-2023-52356HigJan 25, 2024
    risk 0.49cvss 7.5epss 0.02

    A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

  • CVE-2017-12944HigAug 18, 2017
    risk 0.49cvss 7.5epss 0.03

    The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a…

  • CVE-2016-9448HigJan 27, 2017
    risk 0.49cvss 7.5epss 0.05

    The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists…

  • CVE-2016-5323HigJan 20, 2017
    risk 0.49cvss 7.5epss 0.06

    The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.

Page 1 of 6