Filtered by vendor Libtiff
Subscribe
Total
250 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2088 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 7.5 HIGH | N/A |
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. | |||||
CVE-2013-4244 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 6.8 MEDIUM | N/A |
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. | |||||
CVE-2012-1173 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. | |||||
CVE-2012-4564 | 5 Canonical, Debian, Libtiff and 2 more | 8 Ubuntu Linux, Debian Linux, Libtiff and 5 more | 2023-12-10 | 6.8 MEDIUM | N/A |
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. | |||||
CVE-2012-3401 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 6.8 MEDIUM | N/A |
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. | |||||
CVE-2012-4447 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. | |||||
CVE-2012-5581 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image. | |||||
CVE-2012-2113 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | |||||
CVE-2010-2595 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 4.3 MEDIUM | N/A |
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." | |||||
CVE-2010-2233 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 7.5 HIGH | N/A |
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." | |||||
CVE-2010-2483 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 4.3 MEDIUM | N/A |
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. | |||||
CVE-2010-2443 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 5.0 MEDIUM | N/A |
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function. | |||||
CVE-2010-2630 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 4.3 MEDIUM | N/A |
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. | |||||
CVE-2010-2481 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 4.3 MEDIUM | N/A |
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. | |||||
CVE-2010-2482 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 4.3 MEDIUM | N/A |
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. | |||||
CVE-2010-3087 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2023-12-10 | 6.8 MEDIUM | N/A |
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. | |||||
CVE-2010-2597 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 4.3 MEDIUM | N/A |
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. | |||||
CVE-2010-2067 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2023-12-10 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. | |||||
CVE-2010-2631 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 4.3 MEDIUM | N/A |
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. | |||||
CVE-2010-2596 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 4.3 MEDIUM | N/A |
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." |