Vulnerabilities > Libtiff > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-03-22 | CVE-2018-8905 | Out-of-bounds Write vulnerability in multiple products | In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. | network | low | libtiff, debian, canonical, redhat | CWE-787 | 8.8 |
| 2018-03-12 | CVE-2014-8129 | Out-of-bounds Write vulnerability in multiple products | LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. | network | low | libtiff, debian, redhat, apple | CWE-787 | 8.8 |
| 2017-12-29 | CVE-2017-17973 | Use After Free vulnerability in Libtiff 4.0.8 | In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. | network | low | libtiff | CWE-416 | 8.8 |
| 2017-05-21 | CVE-2017-9117 | Out-of-bounds Read vulnerability in multiple products | In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff. | network | low | libtiff, canonical | CWE-125 | 7.5 |
| 2017-01-12 | CVE-2017-5225 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.7 | LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. | network | low | libtiff | CWE-119 | 7.5 |
| 2016-11-22 | CVE-2016-9540 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.6 | tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. | network | low | libtiff | CWE-119 | 7.5 |
| 2016-11-22 | CVE-2016-9539 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.6 | tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). | network | low | libtiff | CWE-119 | 7.5 |
| 2016-11-22 | CVE-2016-9538 | Integer Overflow or Wraparound vulnerability in Libtiff 4.0.6 | tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. | network | low | libtiff | CWE-190 | 7.5 |
| 2016-11-22 | CVE-2016-9537 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.6 | tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. | network | low | libtiff | CWE-119 | 7.5 |
| 2016-11-22 | CVE-2016-9536 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.6 | tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). | network | low | libtiff | CWE-119 | 7.5 |