Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...

CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

CVE-2026-5755 Denial of service via crafted TIFF file upload

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

CVE-2026-5755

CVE-2026-5755 affects Mattermost releases 11.6.x up to 11.6.0, 11.5.x up to 11.5.2/11.5.3, 11.4.x up to 11.4.4, and 10.11.x up to 10.11.14. The issue arises from failure to validate the TIFF IFD offset in the image header before memory allocation, allowing authenticated users with file upload or ...

EUVD-2026-31427

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

mingw-libtiff security update

An update is available for mingw-libtiff. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtiff package contains a library of functions for manipulating TI...

Astra Linux - уязвимость в tiff

A null source pointer passed as an argument to the memcopy function within TIFFReadDirectory in tifdirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...

Astra Linux - уязвимость в tiff

A flaw was discovered in Libtiff. This vulnerability operates under the “write-what-where” condition, and is triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file’s metadata, an attacker can trick the library into...

CVE-2026-34539

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow HBO in CTiffImg::WriteLine. The issue is observable under AddressSanitizer as an out-of-bounds heap read...

SUSE CVE-2026-33809

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

Linux Distros Unpatched Vulnerability : CVE-2026-33809

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an...

CVE-2026-31797

ICCDev contains a heap out-of-bounds read in CTiffImg::ReadLine() that can occur when iccApplyProfiles processes a crafted TIFF image, leading to memory disclosure or crash. Affected versions are prior to 2.3.1.5; the vulnerability is fixed in 2.3.1.5. The CVSS-based impact is low confidentiality...

CVE-2026-31797 iccDEV has a heap out-of-bounds read in CTiffImg::ReadLine()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-31797

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5...

MiracleLinux 8 : python-pillow-5.1.1-16.el8 (AXSA:2021-2760:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2760:01 advisory. python-pillow: Out-of-bounds read in J2K image reader CVE-2021-25287 python-pillow: Out-of-bounds read in J2K image reader CVE-2021-25288...

MiracleLinux 3 : libtiff-3.8.2-7.4.1AXS3 (AXSA:2009-380:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-380:01 advisory. The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file...

MiracleLinux 3 : libtiff-3.8.2-7.6.0.1.AXS3 (AXSA:2011-76:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-76:01 advisory. The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for...

MiracleLinux 4 : libtiff-3.9.4-1.AXS4.1 (AXSA:2011-77:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-77:01 advisory. The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for...

CVE-2011-0194

Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted TIFF image with JPEG encoding...

CVE-2026-21495

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2...