Vulnerabilities > Libtiff

DATE CVE VULNERABILITY TITLE RISK
2018-10-26 CVE-2018-18661 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in LibTIFF 4.0.9.
network
low complexity
libtiff canonical CWE-476
6.5
2018-10-22 CVE-2018-18557 Out-of-bounds Write vulnerability in multiple products
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
network
low complexity
libtiff debian canonical CWE-787
8.8
2018-09-30 CVE-2018-17795 Out-of-bounds Write vulnerability in Libtiff 4.0.9
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
network
low complexity
libtiff CWE-787
8.8
2018-09-16 CVE-2018-17101 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in LibTIFF 4.0.9.
network
low complexity
debian libtiff canonical CWE-787
8.8
2018-09-16 CVE-2018-17100 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibTIFF 4.0.9.
network
low complexity
debian libtiff canonical CWE-190
8.8
2018-09-13 CVE-2018-17000 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file.
network
low complexity
libtiff debian canonical CWE-476
6.5
2018-09-02 CVE-2018-16335 Out-of-bounds Write vulnerability in multiple products
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
network
low complexity
libtiff debian CWE-787
8.8
2018-08-08 CVE-2018-15209 Out-of-bounds Write vulnerability in multiple products
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
network
low complexity
libtiff debian CWE-787
8.8
2018-06-26 CVE-2018-12900 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
network
low complexity
libtiff canonical CWE-787
8.8
2018-05-10 CVE-2018-10963 Reachable Assertion vulnerability in multiple products
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
network
low complexity
libtiff debian canonical CWE-617
6.5