3.9.7

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-10	CVE-2022-0891	Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact network low complexity libtiff debian fedoraproject netapp CWE-787	7.1
2022-02-11	CVE-2022-0561	NULL Pointer Dereference vulnerability in multiple products Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. local low complexity libtiff redhat fedoraproject debian netapp CWE-476	5.5
2021-03-09	CVE-2020-35524	Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. local low complexity libtiff debian fedoraproject netapp redhat CWE-787	7.8
2021-03-09	CVE-2020-35523	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. local low complexity libtiff debian netapp redhat CWE-190	7.8
2021-03-09	CVE-2020-35522	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. local low complexity libtiff netapp fedoraproject redhat CWE-119	5.5
2021-03-09	CVE-2020-35521	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in libtiff. local low complexity libtiff redhat fedoraproject netapp CWE-119	5.5
2020-02-12	CVE-2014-8128	Out-of-bounds Write vulnerability in Libtiff LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. network libtiff apple CWE-787	4.3
2019-10-14	CVE-2019-17546	Integer Overflow or Wraparound vulnerability in multiple products tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. network low complexity libtiff osgeo CWE-190	8.8
2019-08-14	CVE-2019-14973	Integer Overflow or Wraparound vulnerability in multiple products _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. network low complexity libtiff debian fedoraproject opensuse CWE-190	6.5
2018-05-10	CVE-2018-10963	Reachable Assertion vulnerability in multiple products The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. network libtiff debian canonical CWE-617	4.3