12 matches found
Security update for tiff
This update for tiff fixes the following issues: CVE-2025-9165: local execution manipulation leading to memory leak bsc1248330. CVE-2025-8534: null pointer dereference in function PSLvl2page bsc1247582. CVE-2025-8961: segmentation fault via main function of tiffcrop utility bsc1248117. Patch...
Memory Corruption
libtiff.so is vulnerable to memory corruption. The vulnerability is due to improper handling in the May function of tiffcrop.c within the tiffcrop component, which allows an attacker to exploit it locally leading to memory corruption...
Medium: compat-libtiff3
Issue Overview: A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack...
Amazon Linux 2 : compat-libtiff3, --advisory ALAS2-2025-2986 (ALAS-2025-2986)
The version of compat-libtiff3 installed on the remote host is prior to 3.9.4-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2986 advisory. A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer ...
CVE-2025-8961
LibTIFF 4.7.0 contains a local-only memory corruption vulnerability in tiffcrop.c (function main) that attackers can exploit via crafted TIFF files; a public exploit is available. Multiple advisories confirm patches in newer libtiff packages across distros (e.g., ALAS2-2025-3039, ALAS2025-1212, A...
PT-2025-33266
Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.7.0 Description: A memory corruption issue was identified in the tiffcrop.c component, specifically within the May function. The issue can be triggered locally. The exploit has been publicly disclosed. Recommendations: At th...
ALPINE-CVE-2023-0798
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e...
PT-2023-5350 · Libtiff +8 · Libtiff +8
Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.4.0 Description: The issue is related to an out-of-bounds read in the tiffcrop function, specifically in libtiff/tif unix.c:368, which can be invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921. This allows attackers ...
PT-2022-6484 · Libtiff +9 · Libtiff +9
Name of the Vulnerable Software and Affected Versions: libtiff version 4.4.0 Description: The issue is related to a Divide By Zero error in the tiffcrop function of libtiff, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This can be achieved by a remote...
PT-2022-6477 · Libtiff +9 · Libtiff +9
Name of the Vulnerable Software and Affected Versions: libtiff version 4.4.0 Description: The issue is related to a Divide By Zero error in the tiffcrop function of the LibTIFF library. This error can be exploited by a remote attacker to cause a denial-of-service using a specially crafted tiff...
PT-2022-4800 · Libtiff +4 · Libtiff +4
Name of the Vulnerable Software and Affected Versions: libtiff version 4.3.0 Description: The issue is related to errors in pointer dereferencing, allowing a remote attacker to cause a denial-of-service using a specially crafted tiff file. This can be achieved through the tiffcrop function in...
UBUNTU-CVE-2016-9532
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service out-of-bounds read via a crafted tif file...