Vulnerabilities > Libtiff > Libtiff > 3.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-07-06 | CVE-2010-2631 | Improper Input Validation vulnerability in Libtiff 3.9.0 LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. | 4.3 |
| 2010-07-06 | CVE-2010-2630 | Improper Input Validation vulnerability in Libtiff 3.9.0 The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. | 4.3 |
| 2010-07-02 | CVE-2010-2597 | Improper Input Validation vulnerability in Libtiff 3.9.0/3.9.2 The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. | 4.3 |
| 2010-07-02 | CVE-2010-2596 | Improper Input Validation vulnerability in Libtiff 3.9.0/3.9.2 The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." | 4.3 |
| 2010-07-02 | CVE-2010-2595 | Improper Input Validation vulnerability in Libtiff 3.9.0/3.9.2 The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." | 4.3 |
| 2010-06-24 | CVE-2010-2443 | Unspecified vulnerability in Libtiff The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function. | 5.0 |
| 2010-06-24 | CVE-2010-2065 | Numeric Errors vulnerability in Libtiff Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. | 6.8 |