6586 matches found
CVE-2026-33582 Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...
CVE-2026-33582 Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...
Adobe Acrobat Reader DC TIF File Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
PT-2026-47715
Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description An unrestricted upload of files with dangerous types allows an authenticated user to cause a server process crash. This occurs when a crafted TIFF image triggers excessive memory allocation...
CVE-2026-46599
A flaw was found in the golang.org/x/image/tiff package's TIFF decoder. This vulnerability occurs because the decoder does not properly limit the size of PackBits-compressed data. A remote attacker could exploit this by providing a maliciously-crafted image, leading to the decoder processing...
CVE-2026-5755
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...
MiracleLinux 8 : compat-libtiff3-3.9.4-15.el8_10 (AXSA:2026-739:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-739:01 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...
Ubuntu 14.04 LTS / 16.04 LTS : GDAL vulnerability (USN-8345-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8345-1 advisory. It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly...
Linux Distros Unpatched Vulnerability : CVE-2026-46599
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in ter...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...
DEBIAN-CVE-2026-46599
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...
CVE-2026-46599
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...
CVE-2026-46599
The CVE-2026-46599 entry corresponds to excessive resource consumption in the TIFF PackBits decompression in golang.org/x/image/tiff. The root cause is that the TIFF decoder does not place a limit on the size of PackBits-compressed data, enabling a malicious image (even small in dimensions) to dr...
CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...
GO-2026-5032 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...
RLSA-2026:19150 Important: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...
RLSA-2026:20585 Important: compat-libtiff3 security update
The libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF Tagged Image File Format image format files. This version should be used only if you are unable to use the current version of libtiff. Security Fixes: libtiff: libtiff: Arbitrary code execution or...
Autodesk 3ds Max 2026.x < 2026.1 / 2027.x < 2027.1 Multiple Vulnerabilities (ADSK-SA-2026-0006)
The version of Autodesk 3ds Max installed on the remote Windows host is 2026.x prior to 2026.1 or 2027.x prior to 2027.1. It is, therefore, affected by multiple vulnerabilities: - A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability....
RockyLinux 8 : compat-libtiff3 (RLSA-2026:20585)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:20585 advisory. libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 Tenable has extracted the...