16 matches found
CVE-2026-34546
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero in the TIFF handling code paths used by iccTiffDump. This issue has been patched in version 2.3.1.6...
CVE-2026-34546
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero in the TIFF handling code paths used by iccTiffDump. This issue has been patched in version 2.3.1.6...
CVE-2026-34539
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in CTiffImg::WriteLine. The issue is observable under AddressSanitizer as an out-of-bounds heap read...
CVE-2026-34546 iccDEV: UB at TiffImg.h
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero in the TIFF handling code paths used by iccTiffDump. This issue has been patched in version 2.3.1.6...
CVE-2026-34546
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero in the TIFF handling code paths used by iccTiffDump. This issue has been patched in version 2.3.1.6...
CVE-2026-34546
iccDEV vulnerability CVE-2026-34546 affects iccTiffDump in TIFF handling prior to version 2.3.1.6, where crafted TIFF input can trigger Undefined Behavior via division by zero. Root cause is division by zero in TIFF code paths. The issue is fixed in 2.3.1.6. No exploitation details are provided i...
CVE-2026-34539
Summary of CVE-2026-34539: iccDEV’s ICC color management library is affected prior to version 2.3.1.6. A crafted ICC profile together with a malicious TIFF input can trigger a heap-buffer-overflow in CTiffImg::WriteLine(), observed as an out-of-bounds heap read under AddressSanitizer while running...
EUVD-2026-17703
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in CTiffImg::WriteLine. The issue is observable under AddressSanitizer as an out-of-bounds heap read...
UBUNTU-CVE-2025-29769
libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...
The vulnerability of the TIFFInput::read_native_scanlines() function in the src/tiff.imageio/tiffinput.cpp module of the OpenImageIO library allows an attacker to compromise the integrity and accessibility of the protected information.
The vulnerability of the TIFFInput::read_native_scanlines function in the src/tiff.imageio/tiffinput.cpp module of the OpenImageIO library is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the integrity and accessibility of the protected information...
The vulnerability of the TIFFInput::read_native_tile() function in the src/tiff.imageio/tiffinput.cpp module of the OpenImageIO library allows an attacker to cause a service failure.
The vulnerability of the TIFFInput::read_native_tile function in the src/tiff.imageio/tiffinput.cpp module of the OpenImageIO library is related to improper memory allocation. Exploiting this vulnerability may allow an attacker to cause a service failure...
Important: libtiff
Issue Overview: An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB. CVE-2023-6277 Affected Packages: libtiff Issue Correction: Run dnf update libtiff...
Important: compat-libtiff3
Issue Overview: An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB. CVE-2023-6277 Affected Packages: compat-libtiff3 Note: This advisory is applicable to...
AZL-34953 CVE-2023-6277 affecting package libtiff for versions less than 4.6.0-3
An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB...
UBUNTU-CVE-2023-6277
An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB...
Pillow TIFF Input Validation Error Vulnerability
Pillow is a Python-based image processing library. An input validation error vulnerability exists in the libImaging/TiffDecode.c file in versions of Pillow prior to 6.2.2, which stems from the program failing to properly allocate memory. A remote attacker could exploit this vulnerability to crash...