Libtiff : Security Vulnerabilities, CVEs, Published In 2016 (Overflow)
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
Max CVSS
9.8
EPSS Score
0.40%
Published
2016-11-22
Updated
2016-12-10
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
Max CVSS
9.8
EPSS Score
0.55%
Published
2016-11-22
Updated
2017-11-04
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Max CVSS
9.8
EPSS Score
1.30%
Published
2016-11-22
Updated
2018-01-05
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
Max CVSS
9.8
EPSS Score
2.16%
Published
2016-11-22
Updated
2018-01-05
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
Max CVSS
7.8
EPSS Score
0.45%
Published
2016-09-21
Updated
2018-10-30
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
Max CVSS
7.8
EPSS Score
0.90%
Published
2016-09-21
Updated
2018-10-30
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
Max CVSS
7.8
EPSS Score
0.37%
Published
2016-09-21
Updated
2018-10-30
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
Max CVSS
6.2
EPSS Score
1.88%
Published
2016-04-19
Updated
2018-10-30
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
Max CVSS
7.4
EPSS Score
0.74%
Published
2016-12-06
Updated
2018-01-05
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.
Max CVSS
5.5
EPSS Score
3.00%
Published
2016-04-13
Updated
2018-01-05
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.
Max CVSS
9.8
EPSS Score
5.71%
Published
2016-01-08
Updated
2023-12-20
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
Max CVSS
5.5
EPSS Score
2.17%
Published
2016-04-13
Updated
2018-01-05
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.
Max CVSS
6.5
EPSS Score
4.36%
Published
2016-04-13
Updated
2018-01-05
17 vulnerabilities found