AVG-85

Package libtiff
Status Fixed
Severity Critical
Type multiple issues
Affected 4.0.6-2
Fixed 4.0.7-1
Current 4.0.9-1 [extra]
Ticket None
Created Wed Nov 23 19:00:47 2016
Issue Severity Remote Type Description
CVE-2016-9540 High Yes Arbitrary code execution
It was found that tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds heap write on tiled images with odd tile width versus image width. This has also been...
CVE-2016-9539 Medium Yes Information disclosure
It was found that tools/tiffcrop.c in libtiff 4.0.6 has an out-of- bounds read in readContigTilesIntoBuffer() leading to possible information disclosure.
CVE-2016-9538 Low Yes Denial of service
It was found that tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow.
CVE-2016-9537 High No Arbitrary code execution
It was found that tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers.
CVE-2016-9536 High No Arbitrary code execution
It was found that tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip().
CVE-2016-9535 High Yes Arbitrary code execution
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode,...
CVE-2016-9534 High Yes Arbitrary code execution
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR...
CVE-2016-9533 High Yes Arbitrary code execution
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog...
CVE-2016-9532 Critical Yes Arbitrary code execution
Multiple uint32 overflows have been discovered that are leading to a heap buffer overflow in writeBufferToSeparateStrips(). A maliciously crafted TIFF file...
CVE-2016-9453 High No Arbitrary code execution
An out-of-bounds write vulnerability has been discovered caused by a memcpy call without proper bounds checks. A malicious tiff file handled by tiff2pdf...
CVE-2016-9448 Low Yes Denial of service
A null pointer dereference vulnerability in TIFFFetchNormalTag() occurs when values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are...
CVE-2016-9297 Medium Yes Denial of service
A buffer read overflow has been discovered in libtiff. The function TIFFFetchNormalTag() in libtiff/tif_dirread.c did not make sure that values of tags with...
CVE-2016-9273 Medium Yes Denial of service
A heap buffer overflow has been discovered resulting in a read outside of the array boundaries leading to an application crash.
CVE-2016-6223 Medium Yes Information disclosure
An out-of-bounds read vulnerability on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond tmsize_t max value was...
CVE-2016-5875 Critical Yes Arbitrary code execution
There is a heap-based buffer overflow on libtiff/tif_pixarlog.c. The vulnerability allows an attacker to control the size of the allocated heap-buffer while...
CVE-2016-5652 High No Arbitrary code execution
An exploitable heap based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap based...
CVE-2016-5323 Low Yes Denial of service
When using the tiffcrop command and a crafted TIFF image, the function _TIFFFax3fill() runs without checking the value of the divisor and causes a divide by...
CVE-2016-5322 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the extractContigSamplesBytes() function in libtiff. A maliciously crafted TIFF file could cause the...
CVE-2016-5321 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the DumpModeDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5320 Critical Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in the PixarLogDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5319 High No Arbitrary code execution
Heap-based buffer overflow vulnerability was found in tif_packbits.c in PackBitsEncode function. Memory corruption can be triggered when bmp2tiff is...
CVE-2016-5318 High No Arbitrary code execution
A stack-based buffer overflow vulnerability was reported in thumbnail's _TIFFVGetField() function. Memory corruption can be triggered when handling...
CVE-2016-5317 Critical Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in the PixarLogDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5316 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the PixarLogCleanup() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5315 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in in the setByteArray() function inlibtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5314 High No Arbitrary code execution
A vulnerability was found in libtiff. A maliciously crafted TIFF file could cause the application to crash when using rgb2ycbcr command via an out-of-bounds...
CVE-2016-5102 Medium No Denial of service
A vulnerability was found in libtiff. A maliciously crafted file could cause the application to crash via buffer overflow in gif2tiff tool.
CVE-2016-3991 High Yes Arbitrary code execution
An out-of-bounds write caused by a heap overflow when using tiffcrop tool. The vulnerability is located in the loadImage() function of tiffcrop.c....
CVE-2016-3990 High Yes Arbitrary code execution
An out-of-bounds write flaw was found in libtiff v4.0.6 when using tiffcp command to handle malicious tiff file. The vulnerability exists in the function...
CVE-2016-3945 High No Arbitrary code execution
When libtiff's tiff2rgba handles a maliciously-crafted tiff file(width= 8388640, height=31) an illegal write happens. This vulnerability exists in the...
CVE-2016-3658 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the TIFFWriteDirectoryTagLongLong8Array function in the libtiff library. Using a tiffset command on a...
CVE-2016-3634 Medium No Denial of service
A vulnerability was found in the libtiff library. Using the tagCompare function with the thumbnail command on a maliciously crafted tiff file could cause an...
CVE-2016-3633 Medium No Denial of service
An out-of-bounds read vulnerability was found in the _setrow function in the libtiff library. Using a thumbnail command on a maliciously crafted image could...
CVE-2016-3632 High Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in _TIFFVGetField function in tif_dirinfo.c, allowing attacker to cause a denial of service or code execution...
CVE-2016-3631 Medium No Denial of service
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service...
CVE-2016-3625 Medium No Denial of service
An out-of-bounds read vulnerability was found in tif_read.c in tiff2bw, allowing attacker to cause a denial of service via a crafted TIFF image.
CVE-2016-3624 High Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in cvtClump function in rgb2ycybr.c, allowing attacker to cause a denial of service or possibly execute...
CVE-2016-3623 Low Yes Denial of service
Division by zero vulnerability was found in cvtRaster function in rgb2ycybr.c, allowing attacker to cause a denial of service via a crafted TIFF image.
CVE-2016-3622 Low No Denial of service
Division by zero vulnerability was found in fpAcc function in tif_predict.c in tiff2rgba, allowing attacker to cause a denial of service via a crafted TIFF image.
CVE-2016-3621 Low No Denial of service
The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a...
CVE-2016-3620 Low No Denial of service
An out-of-bounds read vulnerability has been discovered in ZIPEncode function in tif_zip.c. Running bmp2tiff on a specially crafted BMP file results in an...
CVE-2016-3619 Medium No Denial of service
An out-of-bounds read vulnerability has been discovered in the DumpModeEncode function when handling maliciously crafted BMP files, while doing operation...
CVE-2016-3186 Medium No Denial of service
A buffer overflow vulnerability was reported in libtiff library, in the readextension function in the gif2tiff component. A maliciously crafted GIF file...
CVE-2015-8683 Medium Yes Denial of service
An out-bounds-read flaw was found in the way libtiff processed CIE Lab image format files. A attacker could create a specially-crafted CIE Lab image format...
CVE-2015-8668 High No Arbitrary code execution
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute...
CVE-2015-8665 Low Yes Denial of service
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
CVE-2015-7313 Medium Yes Denial of service
A denial of service flaw was found in the way libtiff parsed certain tiff files. An attacker could use this flaw to create a specially crafted TIFF file...
CVE-2014-8130 Low No Denial of service
A floating point exception due to a division by zero in the tiffdither tool can be triggered with a malformed TIFF file leading to denial of service.
CVE-2014-8127 Medium Yes Information disclosure
LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. It is composed of a library for working with...
CVE-2010-2596 Medium No Denial of service
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion...
Date Advisory Package Description
25 Nov 2016 ASA-201611-26 libtiff multiple issues
References
http://www.simplesystems.org/libtiff/v4.0.7.html