Lucene search

12 matches found

Snyk
added 2026/02/23 12:0 a.m. | 3 views

Buffer Access with Incorrect Length Value

Overview: Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value via the readSeparateStripsIntoBuffer function in the tiffcrop component. A process can crash on a malformed TIFF directory that triggers a stack overflow. Remediation: Upgrade libtiff to version 4.7.1 ...

9.8 CVSS | 6 AI score | 0.00035 EPSS
Exploits: 1 | References: 2

OSV
added 2025/11/25 10:18 p.m. | 4 views

JLSEC-2025-274 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via ...

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010...

6.5 CVSS | 6.6 AI score | 0.00092 EPSS
Exploits: 1 | References: 8

OSV
added 2025/11/07 1:44 p.m. | 2 views

SUSE-SU-2025:3989-1 Security update for tiff

This update for tiff fixes the following issues: - CVE-2025-8851: Fixed stack-based buffer overflow vulnerability in tools/tiffcrop.c function readSeparateStripsIntoBuffer by implementing additional error handling bsc1248278...

5.3 CVSS | 6.5 AI score | 0.00079 EPSS
Exploits: 0 | References: 3

Veracode
added 2025/09/19 1:5 p.m. | 4 views

Memory Corruption

libtiff.so is vulnerable to memory corruption. The vulnerability is due to improper handling in the May function of tiffcrop.c within the tiffcrop component, which allows an attacker to exploit it locally leading to memory corruption...

4.8 CVSS | 7 AI score | 0.00147 EPSS
Exploits: 1 | References: 10 | Affected Software: 2

RedhatCVE
added 2025/08/11 5:6 p.m. | 2 views

CVE-2025-8851

A stack-based buffer overflow flaw has been discovered in libTIFF. An attacker with local access may be able to craft input to the readSeparateStripsIntoBuffer function in the file tools/tiffcrop.c that triggers this flaw. This issue could allow an attacker to achieve local code execution in the...

5.3 CVSS | 7.8 AI score | 0.00079 EPSS
Exploits: 0 | References: 8

BDU FSTEC
added 2023/09/11 12:0 a.m. | 1 views

The vulnerability of the tiffcrop utility in the libtiff library, which allows a hacker to cause a service failure.

The vulnerability of the tiffcrop tool exists due to insufficient validation of input data. Exploiting this vulnerability could allow a hacker to cause service failures...

5.5 CVSS | 6.7 AI score | 0.00016 EPSS
Exploits: 0 | References: 11 | Affected Software: 5

SUSE CVE
added 2023/02/15 3:31 a.m. | 3 views

SUSE CVE-2022-3597

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit...

6.5 CVSS | 7.1 AI score | 0.00028 EPSS
Exploits: 1 | References: 7

RedHat Linux
added 2022/11/15 3:17 p.m. | 1 views

libtiff: heap buffer overflow in extractImageSection

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in application crash, potential information disclosure or any other...

7.1 CVSS | 7.6 AI score | 0.00029 EPSS
Exploits: 1 | References: 4

OSV
added 2022/10/25 12:0 a.m. | 0 views

UBUNTU-CVE-2022-3570

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in application crash, potential information disclosure or any other context-dependent impact...

7.7 CVSS | 6.9 AI score | 0.00007 EPSS
Exploits: 1 | References: 8

OSV
added 2022/10/25 12:0 a.m. | 0 views

UBUNTU-CVE-2022-3598

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b...

6.5 CVSS | 6.8 AI score | 0.00041 EPSS
Exploits: 1 | References: 7

CNNVD
added 2022/10/21 12:0 a.m. | 2 views

LibTIFF Buffer Error Vulnerability

LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files. The library contains a number of command line tools for processing TIFF files. LibTIFF suffers from a buffer overflow vulnerability that stems from an out-of-bounds write in extractContigSamplesShifted24bits in...

6.5 CVSS | 7.4 AI score | 0.00041 EPSS
Exploits: 1 | References: 12

CNVD
added 2016/11/23 12:0 a.m. | 1 views

LibTIFF tools/tiffcrop.c out-of-bounds write buffer overflow vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF (Tagged Image File Format) files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A security vulnerability exists in libtiff version 4.0.6 in tools/tiffcrop.c, which can be...

9.8 CVSS | 7.1 AI score | 0.00416 EPSS
Exploits: 0 | References: 1