15 matches found
libtiff: LibTIFF Use-After-Free Vulnerability
A flaw was found in libtiff. The gethistogram function in file/tiffmedian.c exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial o...
libtiff: LibTIFF Use-After-Free Vulnerability
A flaw was found in libtiff. The gethistogram function in file/tiffmedian.c exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial o...
libtiff: LibTIFF Use-After-Free Vulnerability
A flaw was found in libtiff. The gethistogram function in file/tiffmedian.c exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial o...
libtiff: LibTIFF Use-After-Free Vulnerability
A flaw was found in libtiff. The gethistogram function in file/tiffmedian.c exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial o...
CLSA-2025-1758823373 libtiff: Fix of 2 CVEs
CVE-2025-8176: fix use after free vulnerability in gethistogram function that prevents proper scanline reading and processing in tools/tiffmedian.c - CVE-2025-8177: fix array overflow in thumbnail generation that could cause buffer overflow when processing malformed TIFF files in tools/thumbnail....
LibTIFF tiffmedian.c get_histogram use after free
...
Amazon Linux 2 : libtiff (ALAS-2025-2965)
The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2965 advisory. A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the functi...
Linux Distros Unpatched Vulnerability : CVE-2025-8176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function gethistogram of the file...
Use After Free
libtiff.so is vulnerable to Use After Free. The vulnerability is due to improper memory handling in the gethistogram function of tools/tiffmedian.c, which can be exploited locally to execute arbitrary code...
SUSE CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function gethistogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the publi...
AZL-65981 CVE-2025-8176 affecting package libtiff for versions less than 4.6.0-8
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function gethistogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the publi...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the gethistogram function when processing a specially crafted TIFF file. An attacker can cause memory corruption, causing a denial of service and potentially impacting confidentiality and integrity, by supplying a...
SUSE CVE-2018-18409
A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an addresshistogram call or a gethistogram call...
TCPFLOW Stack Buffer Overflow Vulnerability
TCPFLOW is a network monitoring tool that records TCP sessions. A stack buffer overflow vulnerability exists in the 'setbit' function of the iptree.h file in TCPFLOW version 1.5.0, which originates from a program receiving an incorrect value, which results in a computation error. An attacker can...
ALPINE-CVE-2018-18409
A stack-based buffer over-read exists in setbit at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an addresshistogram call or a gethistogram call...