19 matches found
EUVD-2026-40151
A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT8BITABGR output format and a specific stride value, leading to a heap-base...
PT-2026-29396
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a null-pointer dereference NPD in CIccTagLut16::Write can be triggered when processing a crafted ICC profile embedded in a TIFF and extracted during iccTiffDump. This issue has...
OESA-2025-2401 libtiff security update
This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...
OESA-2025-2400 libtiff security update
This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...
The vulnerability of the TIFF Image development platform QNX SDP allows attackers to disclose protected information.
The vulnerability of the TIFF Image development platform QNX SDP is related to an off-by-one error. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the system’s security measures...
Debian: Security Advisory (DLA-3513-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-221-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2022-1669 libtiff security update
This libtiff provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libti...
OESA-2022-1586 libtiff security update
This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...
libTIFF: Denial of service
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Please review the CVE identifier referenced below for details. Impact Please review the...
Memory Corruption Vulnerability in Nikon ViewNX-i in Japan
Nikon is a famous camera manufacturer in Japan.ViewNX-i is an image processing software from Nikon. A memory corruption vulnerability exists in Nikon ViewNX-i when processing TIFF images. An attacker can cause the program to crash by constructing a malformed TIFF image, which if successfully...
libTIFF: Multiple vulnerabilities
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Multiple vulnerabilities have been discovered in LibTIFF. Please review the referenced...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, allow attackers to execute arbitrary code.
The vulnerability in the PDF file rendering engine of programs like Adobe Reader, Document Cloud, and Adobe Acrobat lies in the execution of code outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by parsing TIFF files remotely...
libtiff: TIFFFlushData1 heap-buffer-overflow
tifwrite.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1 that didn't reset the tifrawcc and tifrawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."...
Silicon Graphics LibTiff 'extractContigSamplesBytes' Function Denial of Service Vulnerability
Silicon Graphics LibTiff is a library for reading and writing TIFF files. A security vulnerability in the 'extractContigSamplesBytes' function of Silicon Graphics LibTiff allows remote attackers to exploit the vulnerability to construct special TIFF images that can be tricked into being parsed by...
Debian Security Advisory DSA 2965-1 (tiff - security update)
Murray McAllister discovered a heap-based buffer overflow in the gif2tiff command line tool. Executing gif2tiff on a malicious tiff image could result in arbitrary code execution. OpenVAS Vulnerability Test $Id: deb2965.nasl 6692 2017-07-12 09:57:43Z teissa $ Auto-generated from advisory DSA 2965...
(gif2tiff): GIF LZW decoder missing datasize value check
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service out-of-bounds write via a crafted 1 extension block in a GIF image or 2 GIF raster image to tools/gif2tiff.c or 3 a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are...
Debian Security Advisory DSA 2744-1 (tiff - several vulnerabilities)
Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2744.nasl 6611 2017-07-07 12:07:20Z cfischer ...
security flaw
Integer overflow in 1 tifdirread.c and 2 tiffax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFFASCII or TIFFUNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow...