Vulnerabilities > Libtiff

DATE CVE VULNERABILITY TITLE RISK
2017-06-26 CVE-2014-8127 Out-of-bounds Read vulnerability in multiple products
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
network
low complexity
libtiff opensuse CWE-125
6.5
2017-06-26 CVE-2017-9937 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c.
network
low complexity
libtiff CWE-119
6.5
2017-06-26 CVE-2017-9936 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.
network
low complexity
libtiff debian canonical CWE-772
6.5
2017-06-26 CVE-2017-9935 Out-of-bounds Read vulnerability in multiple products
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c.
network
low complexity
libtiff canonical debian CWE-125
8.8
2017-06-22 CVE-2017-9815 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
network
low complexity
libtiff canonical CWE-772
6.5
2017-06-02 CVE-2017-9404 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
libtiff debian canonical CWE-772
6.5
2017-06-02 CVE-2017-9403 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
libtiff debian canonical CWE-772
6.5
2017-05-22 CVE-2017-9147 Out-of-bounds Read vulnerability in Libtiff 4.0.7
LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
network
low complexity
libtiff CWE-125
6.5
2017-05-21 CVE-2017-9117 Out-of-bounds Read vulnerability in multiple products
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.
network
low complexity
libtiff canonical CWE-125
critical
9.8
2017-05-10 CVE-2016-10371 Improper Input Validation vulnerability in Libtiff 4.0.6
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
local
low complexity
libtiff CWE-20
5.5