155 matches found

Cvelist
added last week | 30 views

CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data...

EPSS: 0.00055
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/29 12:0 a.m. | 9 views

PT-2026-44992

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The TIFF decoder fails to impose a limit on the size of PackBits-compressed data. This allows a maliciously crafted image, even one with small pixel dimensions a...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00055
Exploits: 0 | References: 9
OSV
added 2026/05/11 6:1 a.m. | 3 views

RLSA-2026:14929 Important: mingw-libtiff security update

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.00033
Exploits: 0 | References: 2
AlmaLinux
added 2026/05/07 12:0 a.m. | 6 views

Important: mingw-libtiff security update

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.00033
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/31 10:1 p.m. | 1 views

CVE-2026-34539

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in CTiffImg::WriteLine. The issue is observable under AddressSanitizer as an out-of-bounds heap read...

CVSS: 6.2 | AI score: 5.8 | EPSS: 0.00017
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/25 6:24 p.m. | 4 views

CVE-2026-33809 OOM from malicious IFD offset in golang.org/x/image/tiff

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up to 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 3
CNNVD
added 2026/03/25 12:0 a.m. | 6 views

Google Go Security Vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from specially crafted TIFF files that may cause excessive memory allocation during image...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00013
Exploits: 0 | References: 4
OSV
added 2026/03/23 10:53 a.m. | 1 views

USN-8113-1 tiff vulnerabilities

It was discovered that LibTIFF did not properly handle memory when processing certain images. An attacker could possibly use this issue to cause LibTIFF to crash, resulting in a denial of service. (CVE-2025-61143) It was discovered that LibTIFF did not properly handle memory when processing malform...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00035
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/19 12:0 a.m. | 2 views

MiracleLinux 7 : libtiff-4.0.3-27.el7 (AXSA:2017-1282:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1282:01 advisory. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.03829
Exploits: 3 | References: 9
OSV
added 2025/11/25 10:18 p.m. | 2 views

JLSEC-2025-255 A flaw was found in libtiff

A flaw was found in libtiff. Due to a memory allocation failure in tifread.c, a crafted TIFF file can lead to an abort, resulting in denial of service...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00073
Exploits: 0 | References: 4
OSV
added 2025/11/25 10:18 p.m. | 1 views

JLSEC-2025-258 A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's T...

A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.0048
Exploits: 0 | References: 8
Tenable Nessus
added 2025/11/17 12:0 a.m. | 1 views

RHEL 9 : libtiff (RHSA-2025:21506)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21506 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Libtiff...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00039
Exploits: 0 | References: 4
OSV
added 2025/11/11 9:0 a.m. | 2 views

RLSA-2025:20034 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00067
Exploits: 1 | References: 2
Rockylinux
added 2025/11/11 9:0 a.m. | 2 views

libtiff security update

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libtiff packages contain a library of functions for manipulating Tagged...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00067
Exploits: 1
SUSE Linux
added 2025/11/05 3:45 p.m. | 6 views

Security update for tiff

This update for tiff fixes the following issues: Update to 4.7.1: CVE-2025-8851: Fixed stack-based buffer overflow (bsc1248278). CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented (bsc1250413). Patch Instructions: To install this SUSE update use the SUSE recommended installation...

CVSS: 8.5 | AI score: 7.5 | EPSS: 0.00039
Exploits: 0 | References: 8
Rockylinux
added 2025/11/01 8:0 a.m. | 1 views

libtiff security update

An update is available for libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libtiff packages contain a library of functions for manipulating Tagged...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00039
Exploits: 0
OSV
added 2025/10/11 1:20 p.m. | 1 views

OESA-2025-2403 libtiff security update

This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats. And contains command-line programs for manipulating TIFF format image files using the libtiff...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00039
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-34192

Malicious code in bioql PyPI...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00013
Exploits: 1 | References: 5
F5 Networks
added 2025/09/30 2:13 a.m. | 5 views

K000156692: Multiple ImageMagick vulnerabilities

Security Advisory Description: CVE-2016-5010: coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. CVE-2016-5687: The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.2299
Exploits: 6
Snyk
added 2025/09/22 2:29 p.m. | 0 views

Write-what-where Condition

Overview: Affected versions of this package are vulnerable to Write-what-where Condition in the TIFFReadRGBAImageOriented function while processing paletted images with malformed metadata. TIFF file. An attacker can achieve arbitrary memory write by convincing a user to open a specially crafted TI...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00039
Exploits: 0 | References: 2