libtiff

Description Library for manipulation of TIFF images
Version 4.0.10-1 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-886 4.0.10-1 4.0.10-2 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2019-7663 AVG-886 Medium Yes Denial of service
An invalid address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the...
CVE-2019-6128 AVG-886 Medium Yes Information disclosure
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-816 4.0.9-1 4.0.10-1 Medium Not affected FS#60599
AVG-814 4.0.8-1 4.0.9-1 Medium Fixed
AVG-813 4.0.9-1 4.0.9-2 High Fixed
AVG-790 4.0.9-2 4.0.10-1 High Fixed FS#60599
AVG-237 4.0.7-2 4.0.7-3 Medium Fixed
AVG-85 4.0.6-2 4.0.7-1 Critical Fixed
AVG-5 4.0.8-1 4.0.8-2 Critical Fixed FS#54842
Issue Group Severity Remote Type Description
CVE-2018-8905 AVG-813 High Yes Arbitrary code execution
In LibTIFF before 4.0.10, a heap-based buffer overflow (out-of-bounds write) occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as...
CVE-2018-7456 AVG-813 Medium Yes Denial of service
A null pointer dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF before 4.0.10 when using the tiffinfo tool to print crafted...
CVE-2018-5784 AVG-813 Medium Yes Denial of service
In LibTIFF before 4.0.10, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this...
CVE-2018-18661 AVG-790 Medium Yes Denial of service
A null-pointer dereference has been found in LibTIFF before 4.0.10 in the LZWDecode() function in the file tif_lzw.c.
CVE-2018-18557 AVG-790 High Yes Arbitrary code execution
LibTIFF before 4.0.10 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode...
CVE-2018-10963 AVG-813 Medium Yes Denial of service
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF before 4.0.10 allows remote attackers to cause a denial of service (assertion failure and...
CVE-2018-10779 AVG-816 Medium Yes Information disclosure
A heap-based out-of-bounds read has been found in libtiff before 4.0.10, in the TIFFWriteScanline() function. The issue is caused by a uint32_t overflow on...
CVE-2017-9935 AVG-790 High Yes Arbitrary code execution
In LibTIFF before 4.0.10, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to...
CVE-2017-7602 AVG-237 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior in TIFFReadRawStrip1().
CVE-2017-7601 AVG-237 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior (invalid shift exponent) in JPEGSetupEncode().
CVE-2017-7600 AVG-237 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior.
CVE-2017-7599 AVG-237 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior.
CVE-2017-7598 AVG-237 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger a division by zero in TIFFReadDirEntryCheckedRational() or...
CVE-2017-7597 AVG-237 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior.
CVE-2017-7596 AVG-237 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior.
CVE-2017-7595 AVG-237 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted tiff image can cause a division by zero in JPEGSetupEncode(), leading to denial of service.
CVE-2017-7594 AVG-237 Medium Yes Denial of service
A security issue has been found in libtiff < 4.0.7, where a crafted tiff image can cause a memory leak in OJPEGReadHeaderInfoSecTablesAcTable().
CVE-2017-7593 AVG-237 Medium Yes Information disclosure
A security issue has been found in libtiff < 4.0.7, where a crafted tiff image can cause an uninitialized-memory access in tif_rawdata(), leading to...
CVE-2017-7592 AVG-237 Medium Yes Denial of service
A security issue has been found in libtiff <= 4.0.7, where a crafted TIFF file can trigger an undefined behavior in putagreytile().
CVE-2017-18013 AVG-813 Medium Yes Denial of service
A null-pointer dereference issue has been found in libtiff before 4.0.10, in the TIFFPrintDirectory() function in tiffinfo.c, while parsing the "1 Strips: "...
CVE-2017-13726 AVG-814 Medium Yes Denial of service
There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF before 4.0.9, related to tif_dirwrite.c and a SubIFD tag. A crafted...
CVE-2017-11613 AVG-790 Medium Yes Denial of service
In LibTIFF before 4.0.10, there is a denial of service vulnerability in the TIFFOpen function triggered by resource consumption via crafted input files....
CVE-2016-9540 AVG-85 High Yes Arbitrary code execution
It was found that tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds heap write on tiled images with odd tile width versus image width. This has also been...
CVE-2016-9539 AVG-85 Medium Yes Information disclosure
It was found that tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer() leading to possible information disclosure.
CVE-2016-9538 AVG-85 Low Yes Denial of service
It was found that tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow.
CVE-2016-9537 AVG-85 High No Arbitrary code execution
It was found that tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers.
CVE-2016-9536 AVG-85 High No Arbitrary code execution
It was found that tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip().
CVE-2016-9535 AVG-85 High Yes Arbitrary code execution
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode,...
CVE-2016-9534 AVG-85 High Yes Arbitrary code execution
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR...
CVE-2016-9533 AVG-85 High Yes Arbitrary code execution
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog...
CVE-2016-9532 AVG-85 Critical Yes Arbitrary code execution
Multiple uint32 overflows have been discovered that are leading to a heap buffer overflow in writeBufferToSeparateStrips(). A maliciously crafted TIFF file...
CVE-2016-9453 AVG-85 High No Arbitrary code execution
An out-of-bounds write vulnerability has been discovered caused by a memcpy call without proper bounds checks. A malicious tiff file handled by tiff2pdf...
CVE-2016-9448 AVG-85 Low Yes Denial of service
A null pointer dereference vulnerability in TIFFFetchNormalTag() occurs when values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are...
CVE-2016-9297 AVG-85 Medium Yes Denial of service
A buffer read overflow has been discovered in libtiff. The function TIFFFetchNormalTag() in libtiff/tif_dirread.c did not make sure that values of tags with...
CVE-2016-9273 AVG-85 Medium Yes Denial of service
A heap buffer overflow has been discovered resulting in a read outside of the array boundaries leading to an application crash.
CVE-2016-6223 AVG-85 Medium Yes Information disclosure
An out-of-bounds read vulnerability on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond tmsize_t max value was...
CVE-2016-5875 AVG-85 Critical Yes Arbitrary code execution
There is a heap-based buffer overflow on libtiff/tif_pixarlog.c. The vulnerability allows an attacker to control the size of the allocated heap-buffer while...
CVE-2016-5652 AVG-85 High No Arbitrary code execution
An exploitable heap based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap based...
CVE-2016-5323 AVG-85 Low Yes Denial of service
When using the tiffcrop command and a crafted TIFF image, the function _TIFFFax3fill() runs without checking the value of the divisor and causes a divide by...
CVE-2016-5322 AVG-85 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the extractContigSamplesBytes() function in libtiff. A maliciously crafted TIFF file could cause the...
CVE-2016-5321 AVG-85 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the DumpModeDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5320 AVG-85 Critical Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in the PixarLogDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5319 AVG-85 High No Arbitrary code execution
A heap-based buffer overflow vulnerability was found in tif_packbits.c in the PackBitsEncode function. Memory corruption can be triggered when bmp2tiff is...
CVE-2016-5318 AVG-85 High No Arbitrary code execution
A stack-based buffer overflow vulnerability was reported in thumbnail's _TIFFVGetField() function. Memory corruption can be triggered when handling...
CVE-2016-5317 AVG-85 Critical Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in the PixarLogDecode() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5316 AVG-85 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the PixarLogCleanup() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5315 AVG-85 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the setByteArray() function in libtiff. A maliciously crafted TIFF file could cause the application to...
CVE-2016-5314 AVG-85 High No Arbitrary code execution
A vulnerability was found in libtiff. A maliciously crafted TIFF file could cause the application to crash when using rgb2ycbcr command via an out-of-bounds...
CVE-2016-5102 AVG-85 Medium No Denial of service
A vulnerability was found in libtiff. A maliciously crafted file could cause the application to crash via buffer overflow in gif2tiff tool.
CVE-2016-3991 AVG-85 High Yes Arbitrary code execution
An out-of-bounds write caused by a heap overflow when using the tiffcrop tool. The vulnerability is located in the loadImage() function of tiffcrop.c....
CVE-2016-3990 AVG-85 High Yes Arbitrary code execution
An out-of-bounds write flaw was found in libtiff v4.0.6 when using the tiffcp command to handle a malicious tiff file. The vulnerability exists in the function...
CVE-2016-3945 AVG-85 High No Arbitrary code execution
When libtiff's tiff2rgba handles a maliciously crafted tiff file (width=8388640, height=31), an illegal write happens. This vulnerability exists in the...
CVE-2016-3658 AVG-85 Medium Yes Denial of service
An out-of-bounds read vulnerability was found in the TIFFWriteDirectoryTagLongLong8Array function in the libtiff library. Using a tiffset command on a...
CVE-2016-3634 AVG-85 Medium No Denial of service
A vulnerability was found in the libtiff library. Using the tagCompare function with the thumbnail command on a maliciously crafted tiff file could cause an...
CVE-2016-3633 AVG-85 Medium No Denial of service
An out-of-bounds read vulnerability was found in the _setrow function in the libtiff library. Using a thumbnail command on a maliciously crafted image could...
CVE-2016-3632 AVG-85 High Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in the _TIFFVGetField function in tif_dirinfo.c, allowing an attacker to cause a denial of service or code execution...
CVE-2016-3631 AVG-85 Medium No Denial of service
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service...
CVE-2016-3625 AVG-85 Medium No Denial of service
An out-of-bounds read vulnerability was found in tif_read.c in tiff2bw, allowing an attacker to cause a denial of service via a crafted TIFF image.
CVE-2016-3624 AVG-85 High Yes Arbitrary code execution
An out-of-bounds write vulnerability was found in the cvtClump function in rgb2ycbcr.c, allowing an attacker to cause a denial of service or possibly execute...
CVE-2016-3623 AVG-85 Low Yes Denial of service
A division by zero vulnerability was found in the cvtRaster function in rgb2ycbcr.c, allowing an attacker to cause a denial of service via a crafted TIFF image.
CVE-2016-3622 AVG-85 Low No Denial of service
A division by zero vulnerability was found in the fpAcc function in tif_predict.c in tiff2rgba, allowing an attacker to cause a denial of service via a crafted TIFF image.
CVE-2016-3621 AVG-85 Low No Denial of service
The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a...
CVE-2016-3620 AVG-85 Low No Denial of service
An out-of-bounds read vulnerability has been discovered in the ZIPEncode function in tif_zip.c. Running bmp2tiff on a specially crafted BMP file results in an...
CVE-2016-3619 AVG-85 Medium No Denial of service
An out-of-bounds read vulnerability has been discovered in the DumpModeEncode function when handling maliciously crafted BMP files, while doing operation...
CVE-2016-3186 AVG-85 Medium No Denial of service
A buffer overflow vulnerability was reported in the libtiff library, in the readextension function in the gif2tiff component. A maliciously crafted GIF file...
CVE-2016-10095 AVG-5 High No Arbitrary code execution
A stack-based buffer overflow vulnerability was found in libtiff, in the _TIFFVGetField function in tif_dir.c, when running tiffsplit on a crafted tiff file.
CVE-2015-8683 AVG-85 Medium Yes Denial of service
An out-of-bounds read flaw was found in the way libtiff processed CIE Lab image format files. An attacker could create a specially-crafted CIE Lab image format...
CVE-2015-8668 AVG-85 High No Arbitrary code execution
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute...
CVE-2015-8665 AVG-85 Low Yes Denial of service
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
CVE-2015-7554 AVG-5 Critical Yes Arbitrary code execution
An invalid memory write flaw was found in libtiff in the way it parsed certain extension tags when reading TIFF format files. An attacker could use this...
CVE-2015-7313 AVG-85 Medium Yes Denial of service
A denial of service flaw was found in the way libtiff parsed certain tiff files. An attacker could use this flaw to create a specially crafted TIFF file...
CVE-2014-8130 AVG-85 Low No Denial of service
A floating point exception due to a division by zero in the tiffdither tool can be triggered with a malformed TIFF file leading to denial of service.
CVE-2014-8127 AVG-85 Medium Yes Information disclosure
LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. It is composed of a library for working with...
CVE-2010-2596 AVG-85 Medium No Denial of service
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion...

Advisories

Date Advisory Group Severity Description
20 Nov 2018 ASA-201811-17 AVG-790 High multiple issues
18 Jul 2017 ASA-201707-17 AVG-5 Critical arbitrary code execution
28 Apr 2017 ASA-201704-10 AVG-237 Medium multiple issues
25 Nov 2016 ASA-201611-26 AVG-85 Critical multiple issues