Vulnerabilities > Libtiff > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-31 CVE-2022-2520 Incorrect Calculation of Buffer Size vulnerability in multiple products
A flaw was found in libtiff 4.4.0rc1.
network
low complexity
libtiff debian CWE-131
6.5
6.5
2022-08-31 CVE-2022-2521 Release of Invalid Pointer or Reference vulnerability in multiple products
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.
network
low complexity
libtiff debian CWE-763
6.5
6.5
2022-08-29 CVE-2022-2953 Out-of-bounds Read vulnerability in multiple products
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff netapp debian CWE-125
5.5
5.5
2022-08-17 CVE-2022-2867 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write.
local
low complexity
libtiff fedoraproject debian CWE-191
5.5
5.5
2022-08-17 CVE-2022-2868 Improper Validation of Specified Quantity in Input vulnerability in multiple products
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.
local
low complexity
libtiff fedoraproject debian CWE-1284
5.5
5.5
2022-08-17 CVE-2022-2869 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine.
local
low complexity
libtiff fedoraproject debian CWE-191
5.5
5.5
2022-07-29 CVE-2022-34526 Out-of-bounds Write vulnerability in multiple products
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0.
network
low complexity
libtiff fedoraproject netapp debian CWE-787
6.5
6.5
2022-07-19 CVE-2022-34266 Use of Uninitialized Resource vulnerability in Libtiff 4.0.335
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562.
local
low complexity
libtiff CWE-908
5.5
5.5
2022-06-30 CVE-2022-2056 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
6.5
2022-06-30 CVE-2022-2057 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
6.5