Filtered by vendor Libtiff
Subscriptions
Total
251 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4232 | 3 Debian, Libtiff, Redhat | 3 Debian Linux, Libtiff, Enterprise Linux | 2024-11-21 | N/A |
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. | ||||
CVE-2013-4231 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. | ||||
CVE-2012-5581 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image. | ||||
CVE-2012-4564 | 5 Canonical, Debian, Libtiff and 2 more | 9 Ubuntu Linux, Debian Linux, Libtiff and 6 more | 2024-11-21 | N/A |
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. | ||||
CVE-2012-4447 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format. | ||||
CVE-2012-3401 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. | ||||
CVE-2012-2113 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | ||||
CVE-2012-2088 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. | ||||
CVE-2012-1173 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. | ||||
CVE-2011-1167 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. | ||||
CVE-2010-4665 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. | ||||
CVE-2010-3087 | 2 Libtiff, Opensuse | 2 Libtiff, Opensuse | 2024-11-21 | N/A |
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. | ||||
CVE-2010-2631 | 1 Libtiff | 1 Libtiff | 2024-11-21 | N/A |
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. | ||||
CVE-2010-2630 | 1 Libtiff | 1 Libtiff | 2024-11-21 | N/A |
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481. | ||||
CVE-2010-2597 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. | ||||
CVE-2010-2596 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." | ||||
CVE-2010-2595 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." | ||||
CVE-2010-2483 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values. | ||||
CVE-2010-2482 | 1 Libtiff | 1 Libtiff | 2024-11-21 | N/A |
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. | ||||
CVE-2010-2481 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-11-21 | N/A |
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file. |