Vulnerabilities > Libtiff > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-06 | CVE-2016-5652 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.6 An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. | 7.0 |
| 2016-12-06 | CVE-2015-8870 | Integer Overflow or Wraparound vulnerability in Libtiff Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. | 7.4 |
| 2016-10-28 | CVE-2016-8331 | Unspecified vulnerability in Libtiff 4.0.6 An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. | 8.1 |
| 2016-10-03 | CVE-2016-3658 | Out-of-bounds Read vulnerability in Libtiff The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. | 7.5 |
| 2016-10-03 | CVE-2016-3634 | Out-of-bounds Read vulnerability in Libtiff The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. | 7.5 |
| 2016-10-03 | CVE-2016-3633 | Out-of-bounds Read vulnerability in Libtiff The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. | 7.5 |
| 2016-10-03 | CVE-2016-3631 | Out-of-bounds Read vulnerability in Libtiff The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. | 7.5 |
| 2016-10-03 | CVE-2016-3624 | Out-of-bounds Write vulnerability in Libtiff The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. | 7.5 |
| 2016-10-03 | CVE-2016-3623 | Divide By Zero vulnerability in multiple products The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. | 7.5 |
| 2016-10-03 | CVE-2016-3621 | Out-of-bounds Read vulnerability in Libtiff The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. | 8.8 |