Vulnerabilities > Libtiff

DATE CVE VULNERABILITY TITLE RISK
2017-04-09 CVE-2017-7593 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
local
low complexity
libtiff CWE-119
5.5
2017-04-09 CVE-2017-7592 Improper Input Validation vulnerability in Libtiff 4.0.7
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
local
low complexity
libtiff CWE-20
7.8
2017-03-24 CVE-2016-10272 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
local
low complexity
libtiff CWE-119
7.8
2017-03-24 CVE-2016-10271 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.
local
low complexity
libtiff CWE-119
7.8
2017-03-24 CVE-2016-10270 Out-of-bounds Read vulnerability in Libtiff 4.0.7
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.
local
low complexity
libtiff CWE-125
7.8
2017-03-24 CVE-2016-10269 Out-of-bounds Read vulnerability in Libtiff 4.0.7
LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.
local
low complexity
libtiff CWE-125
7.8
2017-03-24 CVE-2016-10268 Integer Underflow (Wrap or Wraparound) vulnerability in Libtiff 4.0.7
tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.
local
low complexity
libtiff CWE-191
7.8
2017-03-24 CVE-2016-10267 Divide By Zero vulnerability in Libtiff 4.0.7
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.
local
low complexity
libtiff CWE-369
5.5
2017-03-24 CVE-2016-10266 Divide By Zero vulnerability in Libtiff 4.0.7
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.
local
low complexity
libtiff CWE-369
5.5
2017-03-17 CVE-2015-7313 Resource Management Errors vulnerability in Libtiff
LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.
local
low complexity
libtiff CWE-399
5.5