Libtiff

Libtiff

258 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2020-35523

  • EPSS 0.26%
  • Published 09.03.2021 20:15:12
  • Last modified 21.11.2024 05:27:29

An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidenti...

6.5

CVE-2014-8128

  • EPSS 0.7%
  • Published 12.02.2020 03:15:10
  • Last modified 21.11.2024 02:18:36

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.

8.8

CVE-2019-17546

  • EPSS 0.4%
  • Published 14.10.2019 02:15:11
  • Last modified 20.12.2024 13:15:16

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

6.5

CVE-2019-14973

  • EPSS 0.74%
  • Published 14.08.2019 06:15:10
  • Last modified 21.11.2024 04:27:48

_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application cras...

7.5

CVE-2017-16232

  • EPSS 1.74%
  • Published 21.03.2019 15:59:56
  • Last modified 21.11.2024 03:16:05

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

6.5

CVE-2019-7663

Exploit
  • EPSS 0.52%
  • Published 09.02.2019 16:29:00
  • Last modified 21.11.2024 04:48:29

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cau...

8.8

CVE-2019-6128

Exploit
  • EPSS 1.21%
  • Published 11.01.2019 05:29:01
  • Last modified 21.11.2024 04:45:59

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

6.5

CVE-2018-19210

Exploit
  • EPSS 2.37%
  • Published 12.11.2018 19:29:00
  • Last modified 21.11.2024 03:57:33

In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.

6.5

CVE-2018-18661

Exploit
  • EPSS 0.3%
  • Published 26.10.2018 14:29:02
  • Last modified 21.11.2024 03:56:20

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

8.8

CVE-2018-18557

Exploit
  • EPSS 39.63%
  • Published 22.10.2018 16:29:00
  • Last modified 21.11.2024 03:56:09

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignorin...