lib32-libtiff

Description Library for manipulation of TIFF images (32-bit)
Version 4.0.9-1 [multilib]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-791 | 4.0.9-1 | | High | Vulnerable | FS#60599 |
Issue Group Severity Remote Type Description
CVE-2018-18557 AVG-791 High Yes Arbitrary code execution
libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. The issue occurs because JBIGDecode() entirely...

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-87 | 4.0.7-1 | 4.0.8-1 | Critical | Fixed | FS#54842 |
| AVG-86 | 4.0.6-2 | 4.0.7-1 | Critical | Fixed | |
Issue Group Severity Remote Type Description
CVE-2016-9540 AVG-86 High Yes Arbitrary code execution
It was found that tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds heap write on tiled images with odd tile width versus image width. This has also been...
CVE-2016-9539 AVG-86 Medium Yes Information disclosure
It was found that tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer() leading to possible information disclosure.
CVE-2016-9538 AVG-86 Low Yes Denial of service
It was found that tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow.
CVE-2016-9537 AVG-86 High No Arbitrary code execution
It was found that tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers.
CVE-2016-9536 AVG-86 High No Arbitrary code execution
It was found that tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip().
CVE-2016-9535 AVG-86 High Yes Arbitrary code execution
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode,...
CVE-2016-9534 AVG-86 High Yes Arbitrary code execution
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR...
CVE-2016-9533 AVG-86 High Yes Arbitrary code execution
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog...
CVE-2016-9532 AVG-86 Critical Yes Arbitrary code execution
Multiple uint32 overflows have been discovered that lead to a heap buffer overflow in writeBufferToSeparateStrips(). A maliciously crafted TIFF file...
CVE-2016-9453 AVG-86 High No Arbitrary code execution
An out-of-bounds write vulnerability has been discovered caused by a memcpy call without proper bounds checks. A malicious tiff file handled by tiff2pdf...
CVE-2016-9448 AVG-86 Low Yes Denial of service
A null pointer dereference vulnerability in TIFFFetchNormalTag() occurs when values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are...
CVE-2016-9297 AVG-86 Medium Yes Denial of service
A buffer read overflow has been discovered in libtiff. The function TIFFFetchNormalTag() in libtiff/tif_dirread.c did not make sure that values of tags with...
CVE-2016-9273 AVG-86 Medium Yes Denial of service
A heap buffer overflow has been discovered resulting in a read outside of the array boundaries leading to an application crash.
CVE-2016-6223 AVG-86 Medium Yes Information disclosure
An out-of-bounds read vulnerability on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond tmsize_t max value was...
CVE-2016-5875 AVG-86 Critical Yes Arbitrary code execution
There is a heap-based buffer overflow in libtiff/tif_pixarlog.c. The vulnerability allows an attacker to control the size of the allocated heap-buffer while...
CVE-2016-5652 AVG-86 High No Arbitrary code execution
An exploitable heap based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap based...
CVE-2016-5323 AVG-86 Low Yes Denial of service
When using the tiffcrop command and a crafted TIFF image, the function _TIFFFax3fill() runs without checking the value of the divisor and causes a divide by...
CVE-2016-5322 AVG-86 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the extractContigSamplesBytes() function in libtiff. A maliciously crafted TIFF file could cause the...
CVE-2016-5321 AVG-86 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the DumpModeDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5320 AVG-86 Critical Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in the PixarLogDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5319 AVG-86 High No Arbitrary code execution
A heap-based buffer overflow vulnerability was found in the PackBitsEncode function in tif_packbits.c. Memory corruption can be triggered when bmp2tiff is...
CVE-2016-5318 AVG-86 High No Arbitrary code execution
A stack-based buffer overflow vulnerability was reported in thumbnail's _TIFFVGetField() function. Memory corruption can be triggered when handling...
CVE-2016-5317 AVG-86 Critical Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in the PixarLogDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5316 AVG-86 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the PixarLogCleanup() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5315 AVG-86 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the setByteArray() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5314 AVG-86 High No Arbitrary code execution
A vulnerability was found in libtiff. A maliciously crafted TIFF file could cause the application to crash when using rgb2ycbcr command via an out-of-bounds...
CVE-2016-5102 AVG-86 Medium No Denial of service
A vulnerability was found in libtiff. A maliciously crafted file could cause the application to crash via buffer overflow in gif2tiff tool.
CVE-2016-3991 AVG-86 High Yes Arbitrary code execution
An out-of-bounds write caused by a heap overflow when using the tiffcrop tool. The vulnerability is located in the loadImage() function of tiffcrop.c....
CVE-2016-3990 AVG-86 High Yes Arbitrary code execution
An out-of-bounds write flaw was found in libtiff v4.0.6 when using the tiffcp command to handle a malicious TIFF file. The vulnerability exists in the function...
CVE-2016-3945 AVG-86 High No Arbitrary code execution
When libtiff's tiff2rgba handles a maliciously crafted TIFF file (width=8388640, height=31), an illegal write happens. This vulnerability exists in the...
CVE-2016-3658 AVG-86 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the TIFFWriteDirectoryTagLongLong8Array function in the libtiff library. Using a tiffset command on a...
CVE-2016-3634 AVG-86 Medium No Denial of service
A vulnerability was found in the libtiff library. Using the tagCompare function with the thumbnail command on a maliciously crafted tiff file could cause an...
CVE-2016-3633 AVG-86 Medium No Denial of service
An out-of-bounds read vulnerability was found in the _setrow function in the libtiff library. Using a thumbnail command on a maliciously crafted image could...
CVE-2016-3632 AVG-86 High Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in the _TIFFVGetField function in tif_dirinfo.c, allowing an attacker to cause a denial of service or code execution...
CVE-2016-3631 AVG-86 Medium No Denial of service
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service...
CVE-2016-3625 AVG-86 Medium No Denial of service
An out-of-bounds read vulnerability was found in tif_read.c in tiff2bw, allowing an attacker to cause a denial of service via a crafted TIFF image.
CVE-2016-3624 AVG-86 High Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in the cvtClump function in rgb2ycbcr.c, allowing an attacker to cause a denial of service or possibly execute...
CVE-2016-3623 AVG-86 Low Yes Denial of service
A division by zero vulnerability was found in the cvtRaster function in rgb2ycbcr.c, allowing an attacker to cause a denial of service via a crafted TIFF image.
CVE-2016-3622 AVG-86 Low No Denial of service
A division by zero vulnerability was found in the fpAcc function in tif_predict.c in tiff2rgba, allowing an attacker to cause a denial of service via a crafted TIFF image.
CVE-2016-3621 AVG-86 Low No Denial of service
The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a...
CVE-2016-3620 AVG-86 Low No Denial of service
An out-of-bounds read vulnerability has been discovered in the ZIPEncode function in tif_zip.c. Running bmp2tiff on a specially crafted BMP file results in an...
CVE-2016-3619 AVG-86 Medium No Denial of service
An out-of-bounds read vulnerability has been discovered in the DumpModeEncode function when handling maliciously crafted BMP files, while doing operation...
CVE-2016-3186 AVG-86 Medium No Denial of service
A buffer overflow vulnerability was reported in the libtiff library, in the readextension function in the gif2tiff component. A maliciously crafted GIF file...
CVE-2016-10095 AVG-87 High No Arbitrary code execution
A stack-based buffer overflow vulnerability was found in libtiff, in the _TIFFVGetField function in tif_dir.c, when running tiffsplit on a crafted TIFF file.
CVE-2015-8683 AVG-86 Medium Yes Denial of service
An out-of-bounds read flaw was found in the way libtiff processed CIE Lab image format files. An attacker could create a specially-crafted CIE Lab image format...
CVE-2015-8668 AVG-86 High No Arbitrary code execution
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute...
CVE-2015-8665 AVG-86 Low Yes Denial of service
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
CVE-2015-7554 AVG-87 Critical Yes Arbitrary code execution
An invalid memory write flaw was found in libtiff in the way it parsed certain extension tags when reading TIFF format files. An attacker could use this...
CVE-2015-7313 AVG-86 Medium Yes Denial of service
A denial of service flaw was found in the way libtiff parsed certain tiff files. An attacker could use this flaw to create a specially crafted TIFF file...
CVE-2014-8130 AVG-86 Low No Denial of service
A floating point exception due to a division by zero in the tiffdither tool can be triggered with a malformed TIFF file leading to denial of service.
CVE-2014-8127 AVG-86 Medium Yes Information disclosure
LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. It is composed of a library for working with...
CVE-2010-2596 AVG-86 Medium No Denial of service
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion...

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 18 Jul 2017 | ASA-201707-18 | AVG-87 | Critical | arbitrary code execution |
| 25 Nov 2016 | ASA-201611-27 | AVG-86 | Critical | multiple issues |