Vulnerabilities > Libtiff

DATE CVE VULNERABILITY TITLE RISK
2017-01-06 CVE-2016-5652 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.6
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool.
local
high complexity
libtiff CWE-119
7.0
2016-12-06 CVE-2015-8870 Integer Overflow or Wraparound vulnerability in Libtiff
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
network
high complexity
libtiff CWE-190
7.4
2016-11-22 CVE-2016-9540 Out-of-bounds Write vulnerability in Libtiff 4.0.6
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width.
network
low complexity
libtiff CWE-787
critical
9.8
2016-11-22 CVE-2016-9539 Out-of-bounds Read vulnerability in Libtiff 4.0.6
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer().
network
low complexity
libtiff CWE-125
critical
9.8
2016-11-22 CVE-2016-9538 Integer Overflow or Wraparound vulnerability in Libtiff 4.0.6
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow.
network
low complexity
libtiff CWE-190
critical
9.8
2016-11-22 CVE-2016-9537 Out-of-bounds Write vulnerability in Libtiff 4.0.6
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers.
network
low complexity
libtiff CWE-787
critical
9.8
2016-11-22 CVE-2016-9536 Out-of-bounds Write vulnerability in Libtiff 4.0.6
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip().
network
low complexity
libtiff CWE-787
critical
9.8
2016-11-22 CVE-2016-9535 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.6
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling.
network
low complexity
libtiff CWE-119
critical
9.8
2016-11-22 CVE-2016-9534 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.6
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members.
network
low complexity
libtiff CWE-119
critical
9.8
2016-11-22 CVE-2016-9533 Out-of-bounds Write vulnerability in Libtiff 4.0.6
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers.
network
low complexity
libtiff CWE-787
critical
9.8