Vulnerabilities > Libtiff

DATE CVE VULNERABILITY TITLE RISK
2018-05-08 CVE-2018-10801 Missing Release of Resource after Effective Lifetime vulnerability in Libtiff 3.8.2
TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.
network
low complexity
libtiff CWE-772
6.5
2018-05-07 CVE-2018-10779 Out-of-bounds Read vulnerability in multiple products
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
network
low complexity
libtiff canonical CWE-125
6.5
2018-04-21 CVE-2018-10126 NULL Pointer Dereference vulnerability in Libtiff 4.0.9
ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.
network
low complexity
libtiff CWE-476
6.5
2018-03-22 CVE-2018-8905 Out-of-bounds Write vulnerability in multiple products
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
network
low complexity
libtiff debian canonical redhat CWE-787
8.8
2018-03-12 CVE-2016-5314 Out-of-bounds Write vulnerability in multiple products
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
network
low complexity
libtiff opensuse redhat debian CWE-787
8.8
2018-03-12 CVE-2014-8130 Divide By Zero vulnerability in multiple products
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
network
low complexity
libtiff redhat apple CWE-369
6.5
2018-03-12 CVE-2014-8129 Out-of-bounds Write vulnerability in multiple products
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
network
low complexity
libtiff debian redhat apple CWE-787
8.8
2018-02-24 CVE-2018-7456 NULL Pointer Dereference vulnerability in multiple products
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013.
network
low complexity
libtiff debian canonical CWE-476
6.5
2018-01-19 CVE-2018-5784 Resource Exhaustion vulnerability in multiple products
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c.
network
low complexity
libtiff debian canonical CWE-400
6.5
2018-01-14 CVE-2018-5360 Out-of-bounds Read vulnerability in multiple products
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
network
low complexity
libtiff graphicsmagick CWE-125
8.8