Vulnerabilities > Libtiff

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2017-5563 Out-of-bounds Read vulnerability in Libtiff 4.0.7
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted BMP image to tools/bmp2tiff.
network
low complexity
libtiff CWE-125
8.8
2017-01-20 CVE-2016-5323 Divide By Zero vulnerability in multiple products
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image.
network
low complexity
libtiff opensuse CWE-369
7.5
2017-01-20 CVE-2016-5321 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted TIFF image.
network
low complexity
opensuse libtiff CWE-119
6.5
2017-01-20 CVE-2016-5319 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted BMP file.
network
low complexity
libtiff CWE-119
6.5
2017-01-20 CVE-2016-5318 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted TIFF file.
network
low complexity
libtiff CWE-119
6.5
2017-01-20 CVE-2016-5317 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the PixarLogDecode function in libtiff.so in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service (crash) via a crafted TIFF file.
network
low complexity
libtiff opensuse-project opensuse CWE-119
6.5
2017-01-20 CVE-2016-5316 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
network
low complexity
libtiff opensuse-project opensuse CWE-125
6.5
2017-01-18 CVE-2016-9297 Out-of-bounds Read vulnerability in Libtiff 4.0.6
The TIFFFetchNormalTag function in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16_ASCII or TIFF_SETGET_C32_ASCII tag values.
network
low complexity
libtiff CWE-125
7.5
2017-01-18 CVE-2016-9273 Out-of-bounds Read vulnerability in Libtiff 4.0.6
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.
local
low complexity
libtiff CWE-125
5.5
2017-01-12 CVE-2017-5225 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
network
low complexity
libtiff CWE-119
critical
9.8