Vulnerabilities > Libtiff

DATE CVE VULNERABILITY TITLE RISK
2021-03-09 CVE-2020-35523 An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file.
local
low complexity
libtiff debian netapp redhat
7.8
2021-03-09 CVE-2020-35522 In LibTIFF, there is a memory malloc failure in tif_pixarlog.c.
local
low complexity
libtiff netapp fedoraproject redhat
5.5
2021-03-09 CVE-2020-35521 A flaw was found in libtiff.
local
low complexity
libtiff redhat fedoraproject netapp
5.5
2020-02-12 CVE-2014-8128 Out-of-bounds Write vulnerability in Libtiff
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
network
low complexity
libtiff CWE-787
6.5
2019-10-14 CVE-2019-17546 Integer Overflow or Wraparound vulnerability in multiple products
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
network
low complexity
libtiff osgeo CWE-190
8.8
2019-08-14 CVE-2019-14973 Integer Overflow or Wraparound vulnerability in multiple products
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards.
network
low complexity
libtiff debian fedoraproject opensuse CWE-190
6.5
2019-03-21 CVE-2017-16232 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c.
network
low complexity
libtiff opensuse suse CWE-772
7.5
2019-02-09 CVE-2019-7663 An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c.
network
low complexity
libtiff debian canonical opensuse
6.5
2019-01-11 CVE-2019-6128 Memory Leak vulnerability in multiple products
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
network
low complexity
libtiff canonical opensuse debian CWE-401
8.8
2018-11-12 CVE-2018-19210 NULL Pointer Dereference vulnerability in multiple products
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
network
low complexity
libtiff debian canonical CWE-476
6.5