Vulnerabilities (CVE)

Filtered by vendor Libtiff Subscribe
Filtered by product Libtiff
Total 251 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9404 3 Canonical, Debian, Libtiff 3 Ubuntu Linux, Debian Linux, Libtiff 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9403 3 Canonical, Debian, Libtiff 3 Ubuntu Linux, Debian Linux, Libtiff 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9147 1 Libtiff 1 Libtiff 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
CVE-2017-9117 2 Canonical, Libtiff 2 Ubuntu Linux, Libtiff 2024-11-21 7.5 HIGH 9.8 CRITICAL
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.
CVE-2017-7602 1 Libtiff 1 Libtiff 2024-11-21 6.8 MEDIUM 7.8 HIGH
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7601 1 Libtiff 1 Libtiff 2024-11-21 6.8 MEDIUM 7.8 HIGH
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7600 1 Libtiff 1 Libtiff 2024-11-21 6.8 MEDIUM 7.8 HIGH
LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7599 1 Libtiff 1 Libtiff 2024-11-21 6.8 MEDIUM 7.8 HIGH
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7598 1 Libtiff 1 Libtiff 2024-11-21 4.3 MEDIUM 7.8 HIGH
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7597 1 Libtiff 1 Libtiff 2024-11-21 6.8 MEDIUM 7.8 HIGH
tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7596 1 Libtiff 1 Libtiff 2024-11-21 6.8 MEDIUM 7.8 HIGH
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7595 1 Libtiff 1 Libtiff 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
CVE-2017-7594 1 Libtiff 1 Libtiff 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
CVE-2017-7593 1 Libtiff 1 Libtiff 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
CVE-2017-7592 1 Libtiff 1 Libtiff 2024-11-21 6.8 MEDIUM 7.8 HIGH
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-5563 1 Libtiff 1 Libtiff 2024-11-21 6.8 MEDIUM 8.8 HIGH
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
CVE-2017-5225 1 Libtiff 1 Libtiff 2024-11-21 7.5 HIGH 9.8 CRITICAL
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
CVE-2017-18013 1 Libtiff 1 Libtiff 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVE-2017-17973 1 Libtiff 1 Libtiff 2024-11-21 6.8 MEDIUM 8.8 HIGH
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue
CVE-2017-17942 1 Libtiff 1 Libtiff 2024-11-21 6.8 MEDIUM 8.8 HIGH
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.