Vulnerabilities > Libtiff > Libtiff > 4.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-25 | CVE-2023-52355 | Out-of-bounds Write vulnerability in multiple products An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. | 7.5 |
| 2023-11-02 | CVE-2023-3164 | Out-of-bounds Write vulnerability in multiple products A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. | 5.5 |
| 2023-10-05 | CVE-2023-40745 | Integer Overflow or Wraparound vulnerability in multiple products LibTIFF is vulnerable to an integer overflow. | 6.5 |
| 2023-10-05 | CVE-2023-41175 | Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. | 6.5 |
| 2023-10-04 | CVE-2023-3576 | Memory Leak vulnerability in multiple products A memory leak flaw was found in Libtiff's tiffcrop utility. | 5.5 |
| 2023-07-12 | CVE-2023-3618 | Classic Buffer Overflow vulnerability in multiple products A flaw was found in libtiff. | 6.5 |
| 2023-06-29 | CVE-2023-25433 | Classic Buffer Overflow vulnerability in Libtiff 4.5.0 libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. | 5.5 |
| 2023-06-29 | CVE-2023-26966 | Classic Buffer Overflow vulnerability in Libtiff 4.5.0 libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. | 5.5 |
| 2023-06-21 | CVE-2023-25435 | Classic Buffer Overflow vulnerability in Libtiff 4.5.0 libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. | 5.5 |
| 2023-06-19 | CVE-2023-3316 | NULL Pointer Dereference vulnerability in Libtiff A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. | 6.5 |