CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...

RLSA-2026:19363 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

Astra Linux - уязвимость в exiv2

In Exiv2 0.26, there is a null pointer dereference in the Exiv2::DataValue::toLong function located in value.cpp. This issue is related to crafted metadata in a TIFF file...

Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

RLSA-2026:12271 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

RHEL 10 : libtiff (RHSA-2026:7304)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7304 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Segment fault in...

CVE-2026-5342 LibRaw TIFF/NEF decoders_libraw.cpp nikon_load_padded_packed_raw out-of-bounds

A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikonloadpaddedpackedraw of the file src/decoders/decoderslibraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument loadflags/rawwidth can lead to out-of-bounds read. It is possible to launch the...

CVE-2026-33809

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

EUVD-2026-14467

XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file...

JLSEC-2025-306 loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a craft...

loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image...

libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64 API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB...

DEBIAN-CVE-2025-9900

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

Linux Distros Unpatched Vulnerability : CVE-2023-36308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the...

Linux Distros Unpatched Vulnerability : CVE-2024-28566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the AssignPixel function when readin...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

[SECURITY] Fedora 42 Update: libtiff-4.7.0-6.fc42

The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...

DEBIAN-CVE-2024-28568

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service DoS via the readiptcprofile function when reading images in TIFF format...

DEBIAN-CVE-2024-28566

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the AssignPixel function when reading images in TIFF format...

UBUNTU-CVE-2023-3576

A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denia...