pkg:Debian/tiff
340 total CVEsCRITICAL13HIGH85MEDIUM153LOW1
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.8CVE-2017-9117In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-in…from 0, < 4.0.7-1
- CRITICAL9.8CVE-2017-5225LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerS…from 0, < 4.0.7-5
- CRITICAL9.8CVE-2016-9540tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width.from 0, < 4.0.7-1
- CRITICAL9.8CVE-2016-9539tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer().from 0, < 4.0.7-1
- CRITICAL9.8CVE-2016-9538tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow.from 0, < 4.0.7-1
- CRITICAL9.8CVE-2016-9537tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers.from 0, < 4.0.7-1
- CRITICAL9.8CVE-2016-9536tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip().from 0, < 4.0.7-1
- CRITICAL9.8CVE-2016-9535tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in…from 0, < 4.0.7-1
- CRITICAL9.8CVE-2016-9534tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members.from 0, < 4.0.7-1
- CRITICAL9.8CVE-2016-9533tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers.from 0, < 4.0.7-1
- CRITICAL9.8CVE-2015-8668Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attac…from 0, < 4.0.6-3
- from 0, < 4.0.7-7
- CRITICAL9.1CVE-2016-6223The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of ser…from 0, < 4.0.6-2
- from 0, < 4.5.0-6+deb12u3
- from 0, < 4.2.0-1+deb11u7
- HIGH8.8CVE-2023-25434libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.from 0, < 4.2.0-1+deb11u4
- from 0, < 4.2.0-1+deb11u3
- from 0, < 4.0.10+git190818-1
- HIGH8.8CVE-2019-6128The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.from 0, < 4.0.10-4
- HIGH8.8CVE-2018-18557LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta,…from 0, < 4.0.9+git181026-1
- HIGH8.8CVE-2018-17795The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buff…from 0, < 4.0.9-2
- from 0, < 4.0.9+git181026-1
- from 0, < 4.0.3-12.3+deb8u7
- from 0, < 4.0.9+git181026-1
- HIGH8.8CVE-2018-16335newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service…from 0, < 4.0.9-5
- HIGH8.8CVE-2018-15209ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer ove…from 0, < 4.0.9-5
- from 0, < 4.0.10-4
- from 0, < 4.0.8-2+deb9u5
- from 0, < 4.0.2-6+deb7u20
- from 0, < 4.0.9-6
- HIGH8.8CVE-2016-5314Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of…from 0, < 4.0.6-2
- HIGH8.8CVE-2014-8129LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a cr…from 0, < 4.0.3-12.1
- HIGH8.8CVE-2018-5360LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function i…from 0, < 4.0.6-3
- HIGH8.8CVE-2017-17942In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.from 0, < 4.0.6-3
- from 0, < 4.0.3-12.3+deb8u10
- from 0, < 4.0.9-5
- from 0, < 4.0.2-6+deb7u16
- from 0, < 4.0.3-12.3+deb8u5
- from 0, < 4.0.8-4
- from 0, < 4.0.2-6+deb7u17
- from 0, < 4.0.9-2
- HIGH8.8CVE-2017-5563LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp imag…from 0, < 4.0.7-1
- HIGH8.8CVE-2016-3621The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote atta…from 0, < 4.0.6-3
- HIGH8.1CVE-2016-8331An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6.from 0, < 4.0.6-3
- from 0, < 4.2.0-1+deb11u8
- from 0
- from 0
- HIGH7.8CVE-2020-35524A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool.from 0, < 4.1.0+git201212-1
- from 0, < 4.1.0+git201212-1
- from 0, < 4.1.0+git191117-2~deb10u2
- from 0, < 4.0.8-2+deb9u6
- HIGH7.8CVE-2017-7602LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibl…from 0, < 4.0.7-6
- HIGH7.8CVE-2017-7601LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a…from 0, < 4.0.7-6
- HIGH7.8CVE-2017-7600LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote a…from 0, < 4.0.7-6
- HIGH7.8CVE-2017-7599LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers…from 0, < 4.0.7-6
- HIGH7.8CVE-2017-7598tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a…from 0, < 4.0.7-6
- HIGH7.8CVE-2017-7597tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow…from 0, < 4.0.7-6
- HIGH7.8CVE-2017-7596LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers…from 0, < 4.0.7-6
- from 0, < 4.0.2-6+deb7u12
- from 0, < 4.0.7-6
- HIGH7.8CVE-2016-10272LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact v…from 0, < 4.0.7-2
- HIGH7.8CVE-2016-10271tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or…from 0, < 4.0.7-2
- HIGH7.8CVE-2016-10270LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact…from 0, < 4.0.7-2
- HIGH7.8CVE-2016-10269LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remo…from 0, < 4.0.7-2
- HIGH7.8CVE-2016-10268tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) o…from 0, < 4.0.7-2
- HIGH7.8CVE-2016-10094Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecif…from 0, < 4.0.7-4
- HIGH7.8CVE-2016-10093Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7,…from 0, < 4.0.7-2
- from 0, < 4.0.7-2
- from 0, < 4.0.2-6+deb7u9
- from 0, < 4.0.3-12.3+deb8u2
- HIGH7.8CVE-2016-9453The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) o…from 0, < 4.0.6-3
- from 0, < 4.0.2-6+deb7u6
- from 0, < 4.0.7-1
- HIGH7.8CVE-2016-3990Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to…from 0, < 4.0.7-1
- HIGH7.8CVE-2016-3945Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -…from 0, < 4.0.7-1
- HIGH7.8CVE-2016-3632The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-boun…from 0, < 4.0.6-3
- from 0, < 4.2.0-1+deb11u6
- HIGH7.5CVE-2023-52356A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API.from 0, < 4.2.0-1+deb11u6
- HIGH7.5CVE-2023-52355An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API.from 0
- HIGH7.5CVE-2020-19131Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcro…from 0, < 4.0.10+git190814-1
- HIGH7.5CVE-2017-16232LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonst…from 0
- HIGH7.5CVE-2017-12944The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attacke…from 0, < 4.0.8-6
- from 0, < 4.0.3-12.3+deb8u4
- from 0, < 4.0.2-6+deb7u15
- from 0, < 4.0.8-3
- HIGH7.5CVE-2016-5323The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and appli…from 0, < 4.0.6-2
- HIGH7.5CVE-2016-9297The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF…from 0, < 4.0.7-1
- HIGH7.5CVE-2016-3658The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers…from 0, < 4.0.6-3
- HIGH7.5CVE-2016-3634The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of se…from 0, < 4.0.6-3
- HIGH7.5CVE-2016-3633The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds…from 0, < 4.0.6-3
- HIGH7.5CVE-2016-3631The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of s…from 0, < 4.0.6-3
- HIGH7.5CVE-2016-3624The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bound…from 0, < 4.0.6-3
- HIGH7.5CVE-2016-3623The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v…from 0, < 4.0.6-3
- HIGH7.5CVE-2016-3620The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote atta…from 0, < 4.0.6-3
- HIGH7.4CVE-2015-8870Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-r…from 0, < 4.0.3-12
- HIGH7.3CVE-2025-61144libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.from 0
- HIGH7.1CVE-2022-0891A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or…from 0, < 4.2.0-1+deb11u1
- HIGH7.0CVE-2016-5652An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool.from 0, < 4.0.6-3
- from 0
- MEDIUM6.5CVE-2023-41175A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c.from 0, < 4.2.0-1+deb11u5
- from 0, < 4.2.0-1+deb11u5
- MEDIUM6.5CVE-2022-40090An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF f…from 0
- from 0, < 4.2.0-1+deb11u6
- MEDIUM6.5CVE-2023-3316A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissi…from 0, < 4.2.0-1+deb11u6
- MEDIUM6.5CVE-2022-3627LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:68…from 0, < 4.2.0-1+deb11u3
- MEDIUM6.5CVE-2022-3626LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:…from 0, < 4.2.0-1+deb11u3
- MEDIUM6.5CVE-2022-3599LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via…from 0, < 4.2.0-1+deb11u3
- MEDIUM6.5CVE-2022-3598LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denia…from 0, < 4.2.0-1+deb11u3
- MEDIUM6.5CVE-2022-3597LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:68…from 0, < 4.2.0-1+deb11u3
- MEDIUM6.5CVE-2022-2521It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:252…from 0, < 4.2.0-1+deb11u3
- from 0, < 4.2.0-1+deb11u3
- MEDIUM6.5CVE-2022-2519There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1from 0, < 4.2.0-1+deb11u3
- MEDIUM6.5CVE-2022-34526A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0.from 0, < 4.2.0-1+deb11u3
- MEDIUM6.5CVE-2022-2058Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.from 0, < 4.2.0-1+deb11u3
- MEDIUM6.5CVE-2022-2057Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.from 0, < 4.2.0-1+deb11u3
- MEDIUM6.5CVE-2022-2056Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.from 0, < 4.2.0-1+deb11u3
- from 0
- MEDIUM6.5CVE-2022-0865Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.from 0, < 4.2.0-1+deb11u1
- MEDIUM6.5CVE-2020-19144Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_uni…from 0, < 4.0.10+git190814-1
- from 0, < 4.1.0+git191117-2~deb10u3
- from 0, < 4.1.0+git201212-1
- from 0, < 4.0.3-12.3
- from 0, < 3.9.4-5+squeeze12
- from 0, < 4.0.2-6+deb7u7
- from 0, < 4.1.0+git191117-2~deb10u1
- from 0, < 4.0.10+git190814-1
- from 0, < 4.0.3-12.3+deb8u9
- MEDIUM6.5CVE-2019-7663An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecti…from 0, < 4.0.10-4
- MEDIUM6.5CVE-2018-19210In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of…from 0, < 4.0.10-4
- from 0, < 4.0.10-1
- from 0, < 4.0.10-4
- from 0, < 4.0.3-12.3+deb8u8
- MEDIUM6.5CVE-2018-10963The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (asser…from 0, < 4.0.9-6
- MEDIUM6.5CVE-2018-10801TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.from 0, < 4.0.6-3
- MEDIUM6.5CVE-2018-10779TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.from 0, < 4.0.6-3
- MEDIUM6.5CVE-2018-10126ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_…from 0
- MEDIUM6.5CVE-2014-8130The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of ser…from 0, < 4.0.5-1
- from 0, < 4.0.9-5
- from 0, < 4.0.2-6+deb7u19
- MEDIUM6.5CVE-2018-5784In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c.from 0, < 4.0.9-4
- from 0, < 4.0.2-6+deb7u18
- from 0, < 4.0.9-3
- MEDIUM6.5CVE-2017-13727There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD…from 0, < 4.0.8-5
- MEDIUM6.5CVE-2017-13726There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag.from 0, < 4.0.8-5
- from 0, < 4.0.2-6+deb7u21
- from 0, < 4.0.3-12.3+deb8u6
- from 0, < 4.0.9-5
- from 0, < 4.0.8-2+deb9u4
- from 0, < 4.0.6-3
- from 0, < 4.0.2-6+deb7u4
- from 0, < 4.0.8-3
- MEDIUM6.5CVE-2017-9815In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to…from 0, < 4.0.8-1
- MEDIUM6.5CVE-2017-9404In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows att…from 0, < 4.0.8-1
- MEDIUM6.5CVE-2017-9403In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers…from 0, < 4.0.8-1
- MEDIUM6.5CVE-2017-9147LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of serv…from 0, < 4.0.8-2
- MEDIUM6.5CVE-2016-5321The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a craft…from 0, < 4.0.6-2
- MEDIUM6.5CVE-2016-5319Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bm…from 0, < 4.0.6-3
- MEDIUM6.5CVE-2016-5318Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application vi…from 0, < 4.0.6-3
- MEDIUM6.5CVE-2016-5317Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME…from 0, < 4.0.6-2
- MEDIUM6.5CVE-2016-5316Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the appl…from 0, < 4.0.6-2
- MEDIUM6.5CVE-2016-3625tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a…from 0, < 4.0.3-1
- MEDIUM6.5CVE-2016-3622The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service…from 0, < 4.0.7-1
- MEDIUM6.5CVE-2016-3619The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows…from 0, < 4.0.6-3
- MEDIUM6.5CVE-2015-8784The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted T…from 0, < 4.0.6-1
- MEDIUM6.5CVE-2015-1547The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a c…from 0, < 4.0.3-12.1
- MEDIUM6.5CVE-2014-9655The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to…from 0, < 4.0.3-12.1
- MEDIUM6.5CVE-2015-8783tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.from 0, < 4.0.6-1
- MEDIUM6.5CVE-2015-8782tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerabili…from 0, < 4.0.6-1
- from 0, < 3.9.4-5+squeeze14
- from 0, < 4.0.6-1
- MEDIUM6.2CVE-2016-3186Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (applicat…from 0, < 4.0.6-3
- from 0
- MEDIUM6.1CVE-2022-1355A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function.from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2025-61143libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.from 0
- MEDIUM5.5CVE-2023-3164A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801.from 0
- from 0, < 4.2.0-1+deb11u5
- from 0, < 4.2.0-1+deb11u5
- from 0, < 4.1.0+git191117-2~deb10u9
- from 0, < 4.0.10+git190814-1
- from 0, < 4.0.8-2+deb9u7
- from 0, < 4.2.0-1+deb11u6
- MEDIUM5.5CVE-2023-26966libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the outp…from 0, < 4.2.0-1+deb11u6
- from 0, < 4.1.0+git191117-2~deb10u8
- from 0, < 4.2.0-1+deb11u6
- from 0, < 4.2.0-1+deb11u6
- MEDIUM5.5CVE-2023-25435libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.from 0, < 4.2.0-1+deb11u4
- MEDIUM5.5CVE-2023-26965loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.from 0, < 4.2.0-1+deb11u6
- from 0
- from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2023-2731A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file.from 0, < 4.5.0-6
- MEDIUM5.5CVE-2023-30086Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiff…from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2022-4645LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff…from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2023-0804LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafte…from 0, < 4.2.0-1+deb11u4
- MEDIUM5.5CVE-2023-0803LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafte…from 0, < 4.2.0-1+deb11u4
- MEDIUM5.5CVE-2023-0802LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafte…from 0, < 4.2.0-1+deb11u4
- MEDIUM5.5CVE-2023-0801LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778,…from 0, < 4.2.0-1+deb11u4
- MEDIUM5.5CVE-2023-0800LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafte…from 0, < 4.2.0-1+deb11u4
- MEDIUM5.5CVE-2023-0799LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted…from 0, < 4.2.0-1+deb11u4
- MEDIUM5.5CVE-2023-0798LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted…from 0, < 4.2.0-1+deb11u4
- MEDIUM5.5CVE-2023-0797LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921,…from 0, < 4.2.0-1+deb11u4
- MEDIUM5.5CVE-2023-0796LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted…from 0, < 4.2.0-1+deb11u4
- from 0, < 4.2.0-1+deb11u4
- from 0, < 4.1.0+git191117-2~deb10u7
- from 0, < 4.2.0-1+deb11u4
- from 0, < 4.2.0-1+deb11u3
- from 0, < 4.1.0+git191117-2~deb10u6
- MEDIUM5.5CVE-2022-3570Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds me…from 0, < 4.2.0-1+deb11u3
- from 0, < 4.2.0-1+deb11u3
- from 0, < 4.1.0+git191117-2~deb10u5
- from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2022-2953LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service vi…from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2022-2869libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine.from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2022-2868libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an atta…from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2022-2867libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write.from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2022-1623LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via…from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2022-1622LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via…from 0, < 4.2.0-1+deb11u3
- MEDIUM5.5CVE-2022-1056Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.from 0
- MEDIUM5.5CVE-2022-0924Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.from 0, < 4.2.0-1+deb11u1
- MEDIUM5.5CVE-2022-0909Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file.from 0, < 4.2.0-1+deb11u1
- MEDIUM5.5CVE-2022-0908Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.…from 0, < 4.2.0-1+deb11u1
- MEDIUM5.5CVE-2022-0907Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted…from 0, < 4.2.0-1+deb11u1
- MEDIUM5.5CVE-2022-0562Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to…from 0, < 4.2.0-1+deb11u1
- from 0, < 4.0.8-2+deb9u8
- from 0, < 4.1.0+git191117-2~deb10u4
- from 0, < 4.2.0-1+deb11u1
- MEDIUM5.5CVE-2022-22844LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second…from 0, < 4.2.0-1+deb11u1
- from 0, < 4.1.0+git201212-1
- from 0, < 4.1.0+git201212-1
- from 0, < 4.0.2-6+deb7u13
- from 0, < 4.0.7-7
- MEDIUM5.5CVE-2016-5322The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds rea…from 0, < 4.0.7-1
- MEDIUM5.5CVE-2017-7595The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and…from 0, < 4.0.7-6
- MEDIUM5.5CVE-2017-7594The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memo…from 0, < 4.0.7-6
- from 0, < 4.0.7-6
- MEDIUM5.5CVE-2016-10267LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, r…from 0, < 4.0.7-2
- from 0, < 4.0.7-2
- from 0, < 4.0.2-6+deb7u11
- from 0, < 4.0.3-12.3+deb8u3
- MEDIUM5.5CVE-2015-7313LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.from 0, < 4.0.7-1
- MEDIUM5.5CVE-2016-5315The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds rea…from 0, < 4.0.6-2
- from 0, < 4.0.2-6+deb7u14
- from 0, < 4.0.8-2
- MEDIUM5.5CVE-2016-9532Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denia…from 0, < 4.0.7-1
- MEDIUM5.5CVE-2016-5102Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial…from 0, < 4.0.6-3
- from 0, < 4.0.2-6+deb7u8
- from 0, < 4.0.7-1
- MEDIUM5.5CVE-2015-8683The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds rea…from 0, < 4.0.6-1
- from 0, < 4.0.2-6+deb7u5
- from 0, < 4.0.6-1
- from 0, < 3.9.4-5+squeeze13
- MEDIUM5.0CVE-2025-61145libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.from 0
- LOW3.3CVE-2023-6228An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based…from 0
- from 0
- from 0
- from 0
- from 0
- from 0, < 4.2.0-1+deb11u7
- from 0, < 4.2.0-1+deb11u7
- from 0
- —CVE-2014-9330Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP…from 0, < 4.0.3-12
- from 0, < 4.0.3-2
- from 0, < 3.9.4-5+squeeze10
- —CVE-2013-4244The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out…from 0, < 4.0.3-3
- from 0, < 3.9.4-5+squeeze11
- from 0, < 4.0.3-9
- from 0, < 4.0.2-6+deb7u3
- —CVE-2013-4232Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause…from 0, < 4.0.3-2
- —CVE-2013-1961Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denia…from 0, < 4.0.2-6+nmu1
- from 0, < 4.0.2-6+nmu1
- from 0, < 3.9.4-5+squeeze9
- from 0, < 3.9.4-5+squeeze8
- from 0, < 4.0.2-1
- from 0, < 3.9.4-5+squeeze7
- from 0, < 4.0.2-5
- from 0, < 3.9.4-5+squeeze6
- from 0, < 4.0.2-4
- —CVE-2012-3401The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context st…from 0, < 4.0.2-2
- —CVE-2012-2113Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or p…from 0, < 4.0.2-1
- —CVE-2012-2088Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a…from 0, < 4.0-1
- from 0, < 3.9.4-5+squeeze4
- from 0, < 4.0.1-2
- from 0, < 3.9.5-1
- from 0, < 3.9.4-5+squeeze2
- —CVE-2011-1167Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers t…from 0, < 3.9.4-9
- —CVE-2011-0192Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and o…from 0, < 3.9.4-7
- from 0, < 3.9.4-5+squeeze1
- from 0, < 3.9.4-1
- —CVE-2010-3087LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execu…from 0, < 3.9.4-5
- —CVE-2010-2631LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during th…from 0, < 3.9.4-1
- —CVE-2010-2630The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order…from 0, < 3.9.6-1
- —CVE-2010-2483The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application cra…from 0, < 3.9.4-4
- from 0, < 3.9.4-1
- from 0, < 3.9.4-5+squeeze5
- —CVE-2010-2481The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote…from 0, < 3.9.4-1
- —CVE-2010-2598LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the requir…from 0, < 3.9.4-1
- —CVE-2010-2597The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remo…from 0, < 3.9.6-1
- from 0, < 4.0.6-1
- —CVE-2010-2595The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values…from 0, < 3.9.6-1
- —CVE-2010-2233tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allo…from 0, < 3.9.4-2
- —CVE-2010-2443The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer…from 0, < 3.9.4-1
- —CVE-2010-2067Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to ca…from 0, < 3.9.4-1
- —CVE-2010-2065Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash)…from 0, < 3.9.4-1
- from 0, < 3.8.2-11.3
- from 0, < 3.9.4-1
- —CVE-2009-2347Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attack…from 0, < 3.8.2-13
- from 0, < 3.8.2-12
- from 0, < 3.8.2-7+etch3
- from 0, < 3.8.2-11
- from 0, < 3.8.2-10+lenny1
- from 0, < 3.8.2-7+etch1
- —CVE-2006-3462Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to ex…from 0, < 3.8.2-6
- —CVE-2006-3461Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to ex…from 0, < 3.8.2-6
- from 0, < 3.7.2-7
- —CVE-2006-3464TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger…from 0, < 3.8.2-6
- —CVE-2006-3463The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32…from 0, < 3.8.2-6
- —CVE-2006-3460Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a den…from 0, < 3.8.2-6
- —CVE-2006-3465Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial o…from 0, < 3.8.2-6
- from 0, < 3.8.2-6
- from 0, < 3.5.5-7woody2
- from 0, < 3.8.2-4
- —CVE-2006-2656Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via…from 0, < 3.8.2-3
- from 0, < 3.8.1
- from 0, < 3.7.2-4
- —CVE-2006-2026Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and…from 0, < 3.8.1
- from 0, < 3.5.5-7woody1
- —CVE-2006-2025Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a deni…from 0, < 3.8.1
- from 0, < 3.8.1
- —CVE-2006-0405The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash)…from 0, < 3.8.0-2
- —CVE-2005-2452libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr sub…from 0, < 3.7.0-1
- from 0, < 3.7.2-3
- from 0, < 3.5.5-7
- —CVE-2004-0886Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) vi…from 0, < 3.6.1-2
- from 0, < 3.6.1-4
- from 0, < 3.5.5-6.woody3
- from 0, < 3.6.1-5
- from 0, < 3.5.5-6.woody5
- from 0, < 3.6.1-2
- from 0, < 3.5.5-6woody1
- —CVE-2004-1307Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code v…from 0, < 3.7.0
- —CVE-2004-0804Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that c…from 0, < 3.6.1-2