Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-07	CVE-2018-10779	Out-of-bounds Read vulnerability in multiple products TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. network libtiff canonical CWE-125	4.3
2018-04-21	CVE-2018-10126	NULL Pointer Dereference vulnerability in Libtiff 4.0.9 LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. network low complexity libtiff CWE-476	6.5
2018-03-12	CVE-2016-5314	Out-of-bounds Write vulnerability in multiple products Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. network libtiff opensuse redhat debian CWE-787	6.8
2018-03-12	CVE-2014-8130	Divide By Zero vulnerability in multiple products The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. network libtiff redhat apple CWE-369	4.3
2018-02-24	CVE-2018-7456	NULL Pointer Dereference vulnerability in multiple products A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. network libtiff debian canonical CWE-476	4.3
2018-01-19	CVE-2018-5784	Resource Exhaustion vulnerability in multiple products In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. network libtiff debian canonical CWE-400	4.3
2018-01-14	CVE-2018-5360	Out-of-bounds Read vulnerability in multiple products LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. network libtiff graphicsmagick CWE-125	6.8
2018-01-01	CVE-2017-18013	NULL Pointer Dereference vulnerability in Libtiff 4.0.9 In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. network libtiff CWE-476	4.3
2017-12-28	CVE-2017-17942	Out-of-bounds Read vulnerability in Libtiff 4.0.9 In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. network libtiff CWE-125	6.8
2017-12-02	CVE-2017-17095	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libtiff 4.0.9 tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. network libtiff CWE-119	6.8