CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Libtiff : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-13727 20 DoS 2017-08-29 2017-08-31
4.3
None Remote Medium Not required None None Partial
There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
2 CVE-2017-13726 20 DoS 2017-08-29 2017-08-31
4.3
None Remote Medium Not required None None Partial
There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
3 CVE-2017-12944 399 DoS 2017-08-18 2017-08-25
5.0
None Remote Low Not required None None Partial
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.
4 CVE-2017-11613 20 DoS 2017-07-26 2017-07-31
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
5 CVE-2017-11335 787 DoS Exec Code Overflow 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.
6 CVE-2017-10688 20 DoS 2017-06-29 2017-08-11
5.0
None Remote Low Not required None None Partial
In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.
7 CVE-2017-9937 119 DoS Overflow 2017-06-26 2017-06-29
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
8 CVE-2017-9936 119 DoS Overflow 2017-06-26 2017-08-11
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
9 CVE-2017-9935 119 Exec Code Overflow Mem. Corr. 2017-06-26 2017-06-29
6.8
None Remote Medium Not required Partial Partial Partial
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.
10 CVE-2017-9815 119 DoS Overflow 2017-06-22 2017-06-27
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
11 CVE-2017-9404 119 DoS Overflow 2017-06-02 2017-06-06
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
12 CVE-2017-9403 119 DoS Overflow 2017-06-02 2017-09-27
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
13 CVE-2017-9147 125 DoS 2017-05-22 2017-08-11
4.3
None Remote Medium Not required None None Partial
LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
14 CVE-2017-9117 119 Overflow 2017-05-21 2017-05-24
7.5
None Remote Low Not required Partial Partial Partial
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.
15 CVE-2017-7602 190 DoS Overflow 2017-04-09 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
16 CVE-2017-7601 20 DoS 2017-04-09 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
17 CVE-2017-7600 20 DoS 2017-04-09 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
18 CVE-2017-7599 20 DoS 2017-04-09 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
19 CVE-2017-7598 369 DoS 2017-04-09 2017-09-27
4.3
None Remote Medium Not required None None Partial
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
20 CVE-2017-7597 20 DoS 2017-04-09 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
21 CVE-2017-7596 20 DoS 2017-04-09 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
22 CVE-2017-7595 369 DoS 2017-04-09 2017-09-27
4.3
None Remote Medium Not required None None Partial
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
23 CVE-2017-7594 400 DoS 2017-04-09 2017-09-27
4.3
None Remote Medium Not required None None Partial
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
24 CVE-2017-7593 119 Overflow +Info 2017-04-09 2017-09-27
4.3
None Remote Medium Not required Partial None None
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
25 CVE-2017-7592 20 DoS 2017-04-09 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
26 CVE-2017-5563 119 Exec Code Overflow 2017-01-23 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
27 CVE-2017-5225 119 Exec Code Overflow 2017-01-12 2017-09-27
7.5
None Remote Low Not required Partial Partial Partial
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
28 CVE-2016-10371 20 DoS 2017-05-10 2017-05-15
4.3
None Remote Medium Not required None None Partial
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
29 CVE-2016-10272 119 DoS Overflow 2017-03-24 2017-03-30
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
30 CVE-2016-10271 119 DoS Overflow 2017-03-24 2017-03-30
6.8
None Remote Medium Not required Partial Partial Partial
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.
31 CVE-2016-10270 125 DoS 2017-03-24 2017-03-30
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.
32 CVE-2016-10269 125 DoS 2017-03-24 2017-03-30
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.
33 CVE-2016-10268 191 DoS 2017-03-24 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.
34 CVE-2016-10267 369 DoS 2017-03-24 2017-09-27
4.3
None Remote Medium Not required None None Partial
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.
35 CVE-2016-10266 369 DoS 2017-03-24 2017-03-28
4.3
None Remote Medium Not required None None Partial
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.
36 CVE-2016-10095 119 DoS Overflow 2017-03-01 2017-03-02
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
37 CVE-2016-10094 189 2017-03-01 2017-03-02
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.
38 CVE-2016-10093 190 Overflow 2017-03-01 2017-03-02
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.
39 CVE-2016-10092 119 Overflow 2017-03-01 2017-03-02
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.
40 CVE-2016-9540 787 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
41 CVE-2016-9539 125 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
42 CVE-2016-9538 190 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
43 CVE-2016-9537 787 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
44 CVE-2016-9536 787 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
45 CVE-2016-9535 119 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
46 CVE-2016-9534 119 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
47 CVE-2016-9533 787 Overflow 2016-11-22 2016-12-09
7.5
None Remote Low Not required Partial Partial Partial
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
48 CVE-2016-9532 125 DoS Overflow 2017-02-06 2017-02-08
4.3
None Remote Medium Not required None None Partial
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
49 CVE-2016-9453 787 DoS Exec Code 2017-01-27 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
50 CVE-2016-9448 476 DoS 2017-01-27 2017-06-30
5.0
None Remote Low Not required None None Partial
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.
Total number of vulnerabilities : 134   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.