Vulnerabilities > Libtiff

DATE CVE VULNERABILITY TITLE RISK
2018-01-01 CVE-2017-18013 NULL Pointer Dereference vulnerability in Libtiff 4.0.9
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
network
low complexity
libtiff CWE-476
6.5
2017-12-29 CVE-2017-17973 Use After Free vulnerability in Libtiff 4.0.8
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c.
network
low complexity
libtiff CWE-416
8.8
2017-12-28 CVE-2017-17942 Out-of-bounds Read vulnerability in Libtiff 4.0.9
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
network
low complexity
libtiff CWE-125
8.8
2017-12-02 CVE-2017-17095 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.9
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
network
low complexity
libtiff CWE-119
8.8
2017-08-29 CVE-2017-13727 Reachable Assertion vulnerability in Libtiff 4.0.8
There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag.
network
low complexity
libtiff CWE-617
6.5
2017-08-29 CVE-2017-13726 Reachable Assertion vulnerability in Libtiff 4.0.8
There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag.
network
low complexity
libtiff CWE-617
6.5
2017-08-18 CVE-2017-12944 Allocation of Resources Without Limits or Throttling vulnerability in Libtiff 4.0.8
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.
network
low complexity
libtiff CWE-770
7.5
2017-07-26 CVE-2017-11613 Improper Input Validation vulnerability in Libtiff 4.0.8
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function.
network
low complexity
libtiff CWE-20
6.5
2017-07-17 CVE-2017-11335 Out-of-bounds Write vulnerability in Libtiff 4.0.8
There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c).
network
low complexity
libtiff CWE-787
8.8
2017-06-29 CVE-2017-10688 Improper Input Validation vulnerability in Libtiff 4.0.8
In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c.
network
low complexity
libtiff CWE-20
7.5