Vulnerabilities > Libtiff
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-07-02 | CVE-2010-2596 | Improper Input Validation vulnerability in Libtiff 3.9.0/3.9.2 The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." | 4.3 |
2010-07-02 | CVE-2010-2595 | Improper Input Validation vulnerability in Libtiff 3.9.0/3.9.2 The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." | 4.3 |
2010-06-24 | CVE-2010-2443 | Unspecified vulnerability in Libtiff The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function. | 5.0 |
2010-06-24 | CVE-2010-2065 | Numeric Errors vulnerability in Libtiff Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. | 6.8 |
2009-07-14 | CVE-2009-2347 | Numeric Errors vulnerability in Libtiff Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. | 9.3 |
2009-07-01 | CVE-2009-2285 | Buffer Errors vulnerability in Libtiff 3.8.2 Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. | 4.3 |
2008-08-27 | CVE-2008-2327 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code. | 6.8 |
2006-08-03 | CVE-2006-3465 | Denial of Service vulnerability in LibTIFF Library Anonymous Field Merging Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors. | 7.5 |
2006-08-03 | CVE-2006-3464 | Numeric Errors vulnerability in Libtiff TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations". | 7.5 |
2006-08-03 | CVE-2006-3463 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop. | 7.8 |