CVE-2022-22844 |
AVG-2658 |
Medium |
Yes |
Denial of service |
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. |
CVE-2022-0924 |
AVG-2658 |
Medium |
Yes |
Denial of service |
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. |
CVE-2022-0909 |
AVG-2658 |
Medium |
Yes |
Denial of service |
A division by zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. |
CVE-2022-0908 |
AVG-2658 |
Medium |
Yes |
Denial of service |
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to... |
CVE-2022-0907 |
AVG-2658 |
Medium |
Yes |
Denial of service |
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. |
CVE-2022-0891 |
AVG-2658 |
High |
Yes |
Arbitrary code execution |
A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in libtiff library version 4.3.0 allows an attacker to trigger unsafe or out of bounds... |
CVE-2022-0865 |
AVG-2658 |
Medium |
Yes |
Denial of service |
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. |
CVE-2022-0562 |
AVG-2658 |
Medium |
Yes |
Denial of service |
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead... |
CVE-2022-0561 |
AVG-2658 |
Medium |
Yes |
Denial of service |
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could... |
CVE-2019-7663 |
AVG-886 |
Medium |
Yes |
Denial of service |
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the... |
CVE-2019-6128 |
AVG-886 |
Medium |
Yes |
Denial of service |
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. |
CVE-2018-18661 |
AVG-790 |
Medium |
Yes |
Denial of service |
A null-pointer dereference has been found in LibTIFF before 4.0.10 in the LZWDecode() function in the file tif_lzw.c. |
CVE-2018-18557 |
AVG-790 |
High |
Yes |
Arbitrary code execution |
LibTIFF before 4.0.10 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode... |
CVE-2018-10963 |
AVG-813 |
Medium |
Yes |
Denial of service |
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF before 4.0.10 allows remote attackers to cause a denial of service (assertion failure and... |
CVE-2018-10779 |
AVG-816 |
Medium |
Yes |
Information disclosure |
A heap-based out-of-bounds read has been found in libtiff before 4.0.10, in the TIFFWriteScanline() function. The issue is caused by a uint32_t overflow on... |
CVE-2018-8905 |
AVG-813 |
High |
Yes |
Arbitrary code execution |
In LibTIFF before 4.0.10, a heap-based buffer overflow (out-of-bounds write) occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as... |
CVE-2018-7456 |
AVG-813 |
Medium |
Yes |
Denial of service |
A null pointer dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF before 4.0.10 when using the tiffinfo tool to print crafted... |
CVE-2018-5784 |
AVG-813 |
Medium |
Yes |
Denial of service |
In LibTIFF before 4.0.10, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this... |
CVE-2017-18013 |
AVG-813 |
Medium |
Yes |
Denial of service |
A null-pointer dereference issue has been found in libtiff before 4.0.10, in the TIFFPrintDirectory() function in tiffinfo.c, while parsing the "1 Strips: "... |
CVE-2017-13726 |
AVG-814 |
Medium |
Yes |
Denial of service |
There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF before 4.0.9, related to tif_dirwrite.c and a SubIFD tag. A crafted... |
CVE-2017-11613 |
AVG-790 |
Medium |
Yes |
Denial of service |
In LibTIFF before 4.0.10, there is a denial of service vulnerability in the TIFFOpen function triggered by resource consumption via crafted input files.... |
CVE-2017-9935 |
AVG-790 |
High |
Yes |
Arbitrary code execution |
In LibTIFF before 4.0.10, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to... |
CVE-2017-7602 |
AVG-237 |
Medium |
Yes |
Denial of service |
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior in TIFFReadRawStrip1(). |
CVE-2017-7601 |
AVG-237 |
Medium |
Yes |
Denial of service |
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior (invalid shift exponent) in JPEGSetupEncode(). |
CVE-2017-7600 |
AVG-237 |
Medium |
Yes |
Denial of service |
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior. |
CVE-2017-7599 |
AVG-237 |
Medium |
Yes |
Denial of service |
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior. |
CVE-2017-7598 |
AVG-237 |
Medium |
Yes |
Denial of service |
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger a division by zero in TIFFReadDirEntryCheckedRational() or... |
CVE-2017-7597 |
AVG-237 |
Medium |
Yes |
Denial of service |
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior. |
CVE-2017-7596 |
AVG-237 |
Medium |
Yes |
Denial of service |
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior. |
CVE-2017-7595 |
AVG-237 |
Medium |
Yes |
Denial of service |
A security issue has been found in libtiff before 4.0.8, where a crafted tiff image can cause a division by zero in JPEGSetupEncode(), leading to denial of service. |
CVE-2017-7594 |
AVG-237 |
Medium |
Yes |
Denial of service |
A security issue has been found in libtiff < 4.0.7, where a crafted tiff image can cause a memory leak in OJPEGReadHeaderInfoSecTablesAcTable(). |
CVE-2017-7593 |
AVG-237 |
Medium |
Yes |
Information disclosure |
A security issue has been found in libtiff < 4.0.7, where a crafted tiff image can cause an uninitialized-memory access in tif_rawdata(), leading to... |
CVE-2017-7592 |
AVG-237 |
Medium |
Yes |
Denial of service |
A security issue has been found in libtiff <= 4.0.7, where a crafted TIFF file can trigger an undefined behavior in putagreytile(). |
CVE-2016-10095 |
AVG-5 |
High |
No |
Arbitrary code execution |
A stack-based buffer overflow vulnerability was found in libtiff, in the _TIFFVGetField function in tif_dir.c, when running tiffsplit on a crafted TIFF file. |
CVE-2016-9540 |
AVG-85 |
High |
Yes |
Arbitrary code execution |
It was found that tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds heap write on tiled images with odd tile width versus image width. This has also been... |
CVE-2016-9539 |
AVG-85 |
Medium |
Yes |
Information disclosure |
It was found that tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer() leading to possible information disclosure. |
CVE-2016-9538 |
AVG-85 |
Low |
Yes |
Denial of service |
It was found that tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. |
CVE-2016-9537 |
AVG-85 |
High |
No |
Arbitrary code execution |
It was found that tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. |
CVE-2016-9536 |
AVG-85 |
High |
No |
Arbitrary code execution |
It was found that tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). |
CVE-2016-9535 |
AVG-85 |
High |
Yes |
Arbitrary code execution |
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode,... |
CVE-2016-9534 |
AVG-85 |
High |
Yes |
Arbitrary code execution |
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR... |
CVE-2016-9533 |
AVG-85 |
High |
Yes |
Arbitrary code execution |
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog... |
CVE-2016-9532 |
AVG-85 |
Critical |
Yes |
Arbitrary code execution |
Multiple uint32 overflows have been discovered that are leading to a heap buffer overflow in writeBufferToSeparateStrips(). A maliciously crafted TIFF file... |
CVE-2016-9453 |
AVG-85 |
High |
No |
Arbitrary code execution |
An out-of-bounds write vulnerability has been discovered caused by a memcpy call without proper bounds checks. A malicious tiff file handled by tiff2pdf... |
CVE-2016-9448 |
AVG-85 |
Low |
Yes |
Denial of service |
A null pointer dereference vulnerability in TIFFFetchNormalTag() occurs when values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are... |
CVE-2016-9297 |
AVG-85 |
Medium |
Yes |
Denial of service |
A buffer read overflow has been discovered in libtiff. The function TIFFFetchNormalTag() in libtiff/tif_dirread.c did not make sure that values of tags with... |
CVE-2016-9273 |
AVG-85 |
Medium |
Yes |
Denial of service |
A heap buffer overflow has been discovered resulting in a read outside of the array boundaries leading to an application crash. |
CVE-2016-6223 |
AVG-85 |
Medium |
Yes |
Information disclosure |
An out-of-bounds read vulnerability on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond tmsize_t max value was... |
CVE-2016-5875 |
AVG-85 |
Critical |
Yes |
Arbitrary code execution |
There is a heap-based buffer overflow on libtiff/tif_pixarlog.c. The vulnerability allows an attacker to control the size of the allocated heap-buffer while... |
CVE-2016-5652 |
AVG-85 |
High |
No |
Arbitrary code execution |
An exploitable heap based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap based... |
CVE-2016-5323 |
AVG-85 |
Low |
Yes |
Denial of service |
When using the tiffcrop command and a crafted TIFF image, the function _TIFFFax3fill() runs without checking the value of the divisor and causes a divide by... |
CVE-2016-5322 |
AVG-85 |
Medium |
Yes |
Denial of service |
An out-of-bounds read vulnerability was found in the extractContigSamplesBytes() function in libtiff. A maliciously crafted TIFF file could cause the... |
CVE-2016-5321 |
AVG-85 |
Medium |
Yes |
Denial of service |
An out-of-bounds read vulnerability was found in the DumpModeDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to... |
CVE-2016-5320 |
AVG-85 |
Critical |
Yes |
Arbitrary code execution |
An out-of-bounds write vulnerability was found in the PixarLogDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to... |
CVE-2016-5319 |
AVG-85 |
High |
No |
Arbitrary code execution |
Heap-based buffer overflow vulnerability was found in tif_packbits.c in PackBitsEncode function. Memory corruption can be triggered when bmp2tiff is... |
CVE-2016-5318 |
AVG-85 |
High |
No |
Arbitrary code execution |
A stack-based buffer overflow vulnerability was reported in thumbnail's _TIFFVGetField() function. Memory corruption can be triggered when handling... |
CVE-2016-5317 |
AVG-85 |
Critical |
Yes |
Arbitrary code execution |
An out-of-bounds write vulnerability was found in the PixarLogDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to... |
CVE-2016-5316 |
AVG-85 |
Medium |
Yes |
Denial of service |
An out-of-bounds read vulnerability was found in the PixarLogCleanup() function in libtiff. A maliciously crafted TIFF file could cause the application to... |
CVE-2016-5315 |
AVG-85 |
Medium |
Yes |
Denial of service |
An out-of-bounds read vulnerability was found in the setByteArray() function in libtiff. A maliciously crafted TIFF file could cause the application to... |
CVE-2016-5314 |
AVG-85 |
High |
No |
Arbitrary code execution |
A vulnerability was found in libtiff. A maliciously crafted TIFF file could cause the application to crash when using rgb2ycbcr command via an out-of-bounds... |
CVE-2016-5102 |
AVG-85 |
Medium |
No |
Denial of service |
A vulnerability was found in libtiff. A maliciously crafted file could cause the application to crash via buffer overflow in gif2tiff tool. |
CVE-2016-3991 |
AVG-85 |
High |
Yes |
Arbitrary code execution |
An out-of-bounds write caused by a heap overflow when using tiffcrop tool. The vulnerability is located in the loadImage() function of tiffcrop.c.... |
CVE-2016-3990 |
AVG-85 |
High |
Yes |
Arbitrary code execution |
An out-of-bounds write flaw was found in libtiff v4.0.6 when using tiffcp command to handle malicious tiff file. The vulnerability exists in the function... |
CVE-2016-3945 |
AVG-85 |
High |
No |
Arbitrary code execution |
When libtiff's tiff2rgba handles a maliciously-crafted tiff file (width=8388640, height=31) an illegal write happens. This vulnerability exists in the... |
CVE-2016-3658 |
AVG-85 |
Medium |
Yes |
Denial of service |
An out-of-bounds read vulnerability was found in the TIFFWriteDirectoryTagLongLong8Array function in the libtiff library. Using a tiffset command on a... |
CVE-2016-3634 |
AVG-85 |
Medium |
No |
Denial of service |
A vulnerability was found in the libtiff library. Using the tagCompare function with the thumbnail command on a maliciously crafted tiff file could cause an... |
CVE-2016-3633 |
AVG-85 |
Medium |
No |
Denial of service |
An out-of-bounds read vulnerability was found in the _setrow function in the libtiff library. Using a thumbnail command on a maliciously crafted image could... |
CVE-2016-3632 |
AVG-85 |
High |
Yes |
Arbitrary code execution |
An out-of-bounds write vulnerability was found in the _TIFFVGetField function in tif_dirinfo.c, allowing an attacker to cause a denial of service or code execution... |
CVE-2016-3631 |
AVG-85 |
Medium |
No |
Denial of service |
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service... |
CVE-2016-3625 |
AVG-85 |
Medium |
No |
Denial of service |
An out-of-bounds read vulnerability was found in tif_read.c in tiff2bw, allowing an attacker to cause a denial of service via a crafted TIFF image. |
CVE-2016-3624 |
AVG-85 |
High |
Yes |
Arbitrary code execution |
An out-of-bounds write vulnerability was found in the cvtClump function in rgb2ycbcr.c, allowing an attacker to cause a denial of service or possibly execute... |
CVE-2016-3623 |
AVG-85 |
Low |
Yes |
Denial of service |
A division by zero vulnerability was found in the cvtRaster function in rgb2ycbcr.c, allowing an attacker to cause a denial of service via a crafted TIFF image. |
CVE-2016-3622 |
AVG-85 |
Low |
No |
Denial of service |
A division by zero vulnerability was found in the fpAcc function in tif_predict.c in tiff2rgba, allowing an attacker to cause a denial of service via a crafted TIFF image. |
CVE-2016-3621 |
AVG-85 |
Low |
No |
Denial of service |
The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a... |
CVE-2016-3620 |
AVG-85 |
Low |
No |
Denial of service |
An out-of-bounds read vulnerability has been discovered in ZIPEncode function in tif_zip.c. Running bmp2tiff on a specially crafted BMP file results in an... |
CVE-2016-3619 |
AVG-85 |
Medium |
No |
Denial of service |
An out-of-bounds read vulnerability has been discovered in the DumpModeEncode function when handling maliciously crafted BMP files, while doing operation... |
CVE-2016-3186 |
AVG-85 |
Medium |
No |
Denial of service |
A buffer overflow vulnerability was reported in libtiff library, in the readextension function in the gif2tiff component. A maliciously crafted GIF file... |
CVE-2015-8683 |
AVG-85 |
Medium |
Yes |
Denial of service |
An out-of-bounds read flaw was found in the way libtiff processed CIE Lab image format files. An attacker could create a specially-crafted CIE Lab image format... |
CVE-2015-8668 |
AVG-85 |
High |
No |
Arbitrary code execution |
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute... |
CVE-2015-8665 |
AVG-85 |
Low |
Yes |
Denial of service |
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. |
CVE-2015-7554 |
AVG-5 |
Critical |
Yes |
Arbitrary code execution |
An invalid memory write flaw was found in libtiff in the way it parsed certain extension tags when reading TIFF format files. An attacker could use this... |
CVE-2015-7313 |
AVG-85 |
Medium |
Yes |
Denial of service |
A denial of service flaw was found in the way libtiff parsed certain tiff files. An attacker could use this flaw to create a specially crafted TIFF file... |
CVE-2014-8130 |
AVG-85 |
Low |
No |
Denial of service |
A floating point exception due to a division by zero in the tiffdither tool can be triggered with a malformed TIFF file leading to denial of service. |
CVE-2014-8127 |
AVG-85 |
Medium |
Yes |
Information disclosure |
LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. It is composed of a library for working with... |
CVE-2010-2596 |
AVG-85 |
Medium |
No |
Denial of service |
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion... |