A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
Max CVSS: 7.5 | EPSS Score: 0.12% | Published: 2024-01-25 | Updated: 2024-03-11
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
Max CVSS: 7.5 | EPSS Score: 0.12% | Published: 2024-01-25 | Updated: 2024-02-04
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2023-10-05 | Updated: 2023-10-10
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2023-10-05 | Updated: 2024-01-21
A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-05-19 | Updated: 2023-07-03
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2023-05-19 | Updated: 2024-01-09
Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-05-09 | Updated: 2023-06-16
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-06-29 | Updated: 2023-08-01
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-06-14 | Updated: 2023-08-01
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-06-21 | Updated: 2023-06-28
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2023-06-14 | Updated: 2023-06-23
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of the buffer size after rotateImage() in tiffcrop causes a heap-buffer-overflow and SEGV.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-06-29 | Updated: 2023-08-01
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
Max CVSS: 6.5 | EPSS Score: 0.18% | Published: 2023-11-24 | Updated: 2024-01-19
An issue was found in the tiffcp utility distributed by the libtiff package where processing a crafted TIFF file may cause a heap-based buffer overflow that leads to an application crash.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-12-18 | Updated: 2023-12-29
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
Max CVSS: 6.5 | EPSS Score: 0.11% | Published: 2023-07-12 | Updated: 2024-03-23
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-10-04 | Updated: 2024-03-11
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2023-06-19 | Updated: 2023-08-01
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-11-02 | Updated: 2024-03-08
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2023-06-30 | Updated: 2023-08-02
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
Max CVSS: 5.5 | EPSS Score: 0.06% | Published: 2023-05-17 | Updated: 2023-07-03
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
Max CVSS: 6.1 | EPSS Score: 0.04% | Published: 2023-04-10 | Updated: 2023-12-23
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Max CVSS: 6.8 | EPSS Score: 0.05% | Published: 2023-02-13 | Updated: 2023-09-01
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Max CVSS: 6.8 | EPSS Score: 0.05% | Published: 2023-02-13 | Updated: 2023-05-30
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Max CVSS: 6.8 | EPSS Score: 0.05% | Published: 2023-02-13 | Updated: 2023-05-30
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Max CVSS: 6.8 | EPSS Score: 0.05% | Published: 2023-02-13 | Updated: 2023-05-30
250 vulnerabilities found