Libtiff 4.0.7

30 matches found

Added 2023/05/09 4:15 p.m. | 290 views

CVE-2023-30086

Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.

CVSS 5.5 | AI score 5.1 | EPSS 0.00063

Added 2017/03/01 3:59 p.m. | 138 views

CVE-2016-10095

Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.

CVSS 5.5 | AI score 5.8 | EPSS 0.00349

Added 2017/01/12 11:59 a.m. | 134 views

CVE-2017-5225

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.

CVSS 9.8 | AI score 8 | EPSS 0.0098

Added 2017/04/09 2:59 p.m. | 129 views

CVE-2017-7596

LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 7.8 | AI score 7.2 | EPSS 0.00363

Added 2017/04/09 2:59 p.m. | 124 views

CVE-2017-7594

The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.

CVSS 5.5 | AI score 5.8 | EPSS 0.00441

Added 2017/04/09 2:59 p.m. | 124 views

CVE-2017-7598

tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

CVSS 7.8 | AI score 6.4 | EPSS 0.00699

Added 2017/04/09 2:59 p.m. | 123 views

CVE-2017-7595

The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

CVSS 5.5 | AI score 5.8 | EPSS 0.00433

Added 2017/04/09 2:59 p.m. | 121 views

CVE-2017-7592

The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 7.8 | AI score 7.2 | EPSS 0.00351

Added 2017/04/09 2:59 p.m. | 118 views

CVE-2017-7593

tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.

CVSS 5.5 | AI score 5.8 | EPSS 0.00361

Added 2017/04/09 2:59 p.m. | 117 views

CVE-2017-7601

LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 7.8 | AI score 7.2 | EPSS 0.00515

Added 2017/06/02 7:29 p.m. | 115 views

CVE-2017-9404

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.

CVSS 6.5 | AI score 6.2 | EPSS 0.00962

Added 2017/03/24 7:59 p.m. | 113 views

CVE-2016-10270

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.

CVSS 7.8 | AI score 7.3 | EPSS 0.00342

Added 2017/04/09 2:59 p.m. | 111 views

CVE-2017-7602

LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 7.8 | AI score 7.2 | EPSS 0.00515

Added 2017/03/24 7:59 p.m. | 101 views

CVE-2016-10266

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.

CVSS 5.5 | AI score 5.8 | EPSS 0.00551

Added 2017/03/24 7:59 p.m. | 100 views

CVE-2016-10267

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.

CVSS 5.5 | AI score 5.9 | EPSS 0.00413

Added 2017/03/01 3:59 p.m. | 97 views

CVE-2016-10092

Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impac...

CVSS 7.8 | AI score 7.8 | EPSS 0.02091

Added 2017/06/02 7:29 p.m. | 97 views

CVE-2017-9403

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.

CVSS 6.5 | AI score 6.2 | EPSS 0.00962

Added 2017/04/09 2:59 p.m. | 94 views

CVE-2017-7599

LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 7.8 | AI score 7.2 | EPSS 0.00309

Added 2017/04/09 2:59 p.m. | 93 views

CVE-2017-7597

tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 7.8 | AI score 7.2 | EPSS 0.00363

Added 2017/05/22 6:29 p.m. | 93 views

CVE-2017-9147

LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.

CVSS 6.5 | AI score 6.3 | EPSS 0.04347

Added 2017/05/21 7:29 p.m. | 92 views

CVE-2017-9117

In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activat...

CVSS 9.8 | AI score 6.8 | EPSS 0.00098

Added 2017/04/09 2:59 p.m. | 91 views

CVE-2017-7600

LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

CVSS 7.8 | AI score 7.2 | EPSS 0.00354

Added 2017/03/01 3:59 p.m. | 85 views

CVE-2016-10093

Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-base...

CVSS 7.8 | AI score 7.8 | EPSS 0.00986

Added 2017/03/24 7:59 p.m. | 81 views

CVE-2016-10269

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of ...

CVSS 7.8 | AI score 7.3 | EPSS 0.00572

Added 2017/03/01 3:59 p.m. | 80 views

CVE-2016-10094

Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.

CVSS 7.8 | AI score 7.5 | EPSS 0.0049

Added 2017/01/23 7:59 a.m. | 70 views

CVE-2017-5563

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

CVSS 8.8 | AI score 8.1 | EPSS 0.00457

Added 2017/03/24 7:59 p.m. | 69 views

CVE-2016-10272

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.

CVSS 7.8 | AI score 7.3 | EPSS 0.00486

Added 2017/03/24 7:59 p.m. | 63 views

CVE-2016-10268

tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.

CVSS 7.8 | AI score 7.3 | EPSS 0.00338

Added 2017/03/24 7:59 p.m. | 58 views

CVE-2016-10271

tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.

CVSS 7.8 | AI score 7.2 | EPSS 0.00419

Added 2017/06/22 3:29 p.m. | 49 views

CVE-2017-9815

In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.

CVSS 6.5 | AI score 6.2 | EPSS 0.00467