Vulnerabilities > Libtiff > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2017-06-22 | CVE-2017-9815 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file. | | 4.3 |
| 2017-06-02 | CVE-2017-9404 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | | 4.3 |
| 2017-06-02 | CVE-2017-9403 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | | 4.3 |
| 2017-05-22 | CVE-2017-9147 | Out-of-bounds Read vulnerability in Libtiff 4.0.7 | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. | network, libtiff, CWE-125 | 4.3 |
| 2017-05-10 | CVE-2016-10371 | Improper Input Validation vulnerability in Libtiff 4.0.6 | The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. | network, libtiff, CWE-20 | 4.3 |
| 2017-04-11 | CVE-2016-5322 | Out-of-bounds Read vulnerability in multiple products | The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | | 4.3 |
| 2017-04-09 | CVE-2017-7602 | Integer Overflow or Wraparound vulnerability in Libtiff 4.0.7 | LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | network, libtiff, CWE-190 | 6.8 |
| 2017-04-09 | CVE-2017-7601 | Improper Input Validation vulnerability in Libtiff 4.0.7 | LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | network, libtiff, CWE-20 | 6.8 |
| 2017-04-09 | CVE-2017-7600 | Improper Input Validation vulnerability in Libtiff 4.0.7 | LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | network, libtiff, CWE-20 | 6.8 |
| 2017-04-09 | CVE-2017-7599 | Improper Input Validation vulnerability in Libtiff 4.0.7 | LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | network, libtiff, CWE-20 | 6.8 |