Debian Tiff vulnerabilities

269 known vulnerabilities affecting debian/tiff.

Total CVEs: 269
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 60

Vulnerabilities

Page 1 of 14
CVE-2026-4775 | HIGH | CVSS 7.8 | fixed in tiff 4.5.0-6+deb12u4 (bookworm) | 2026 | debian
CVE-2026-4775 [HIGH]: tiff - A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code e

CVE-2025-9900 | HIGH | CVSS 8.8 | fixed in tiff 4.5.0-6+deb12u3 (bookworm) | 2025 | debian
CVE-2025-9900 [HIGH]: tiff - A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be

CVE-2025-9165 | LOW | CVSS 2.0 | fixed in tiff 4.7.0-4 (forky) | 2025 | debian
CVE-2025-9165 [LOW]: tiff - A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is characterized by high complexity. It is indicated that the exploitability is difficu

CVE-2025-8534 | LOW | CVSS 2.0 | fixed in tiff 4.7.1-1 (forky) | 2025 | debian
CVE-2025-8534 [LOW]: tiff - A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The e

CVE-2025-61145 | LOW | CVSS 5.0 | fixed in tiff 4.7.1-1 (forky) | 2025 | debian
CVE-2025-61145 [MEDIUM]: tiff - libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c. Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 4.7.1-1); sid: resolved (fixed in 4.7.1-1); trixie: open

CVE-2025-61144 | LOW | CVSS 7.3 | fixed in tiff 4.7.1-1 (forky) | 2025 | debian
CVE-2025-61144 [HIGH]: tiff - libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 4.7.1-1); sid: resolved (fixed in 4.7.1-1); trixie: open

CVE-2025-8851 | LOW | CVSS 4.8 | fixed in tiff 4.7.0-1 (forky) | 2025 | debian
CVE-2025-8851 [MEDIUM]: tiff - A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended t

CVE-2025-8177 | LOW | CVSS 4.8 | fixed in tiff 4.7.1-1 (forky) | 2025 | debian
CVE-2025-8177 [MEDIUM]: tiff - A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability onl

CVE-2025-8176 | LOW | CVSS 4.8 | fixed in tiff 4.7.1-1 (forky) | 2025 | debian
CVE-2025-8176 [MEDIUM]: tiff - A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as fe10872e53efba9cc36c66ac4ab

CVE-2025-61143 | LOW | CVSS 5.5 | fixed in tiff 4.7.1-1 (forky) | 2025 | debian
CVE-2025-61143 [MEDIUM]: tiff - libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c. Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 4.7.1-1); sid: resolved (fixed in 4.7.1-1); trixie: open

CVE-2025-8961 | LOW | CVSS 4.8 | fixed in tiff 4.7.0-5 (forky) | 2025 | debian
CVE-2025-8961 [MEDIUM]: tiff - A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 4.7

CVE-2024-7006 | HIGH | CVSS 7.5 | fixed in tiff 4.5.0-6+deb12u2 (bookworm) | 2024 | debian
CVE-2024-7006 [HIGH]: tiff - A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. Scope: local; bookworm: resolved (f

CVE-2024-13978 | LOW | CVSS 2.0 | fixed in tiff 4.2.0-1+deb11u7 (bullseye) | 2024 | debian
CVE-2024-13978 [LOW]: tiff - A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears t

CVE-2023-52356 | HIGH | CVSS 7.5 | fixed in tiff 4.5.0-6+deb12u2 (bookworm) | 2023 | debian
CVE-2023-52356 [HIGH]: tiff - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. Scope: local; bookworm: resolved (fixed in 4.5.0-6+deb12u2); bullseye: resolved (fixed in 4.2.0-1+deb11u6); forky: resolved (fixed in 4.

CVE-2023-52355 | HIGH | CVSS 7.5 | fixed in tiff 4.5.1+git230720-4 (forky) | 2023 | debian
CVE-2023-52355 [HIGH]: tiff - An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 4.5.1+git230720-4); sid: resolved (fixed in 4.5.1

CVE-2023-25434 | HIGH | CVSS 8.8 | fixed in tiff 4.5.0-5 (bookworm) | 2023 | debian
CVE-2023-25434 [HIGH]: tiff - libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. Scope: local; bookworm: resolved (fixed in 4.5.0-5); bullseye: resolved (fixed in 4.2.0-1+deb11u4); forky: resolved (fixed in 4.5.0-5); sid: resolved (fixed in 4.5.0-5); trixie: resolved (fixed in 4.5.0-5)

CVE-2023-0795 | MEDIUM | CVSS 6.8 | fixed in tiff 4.5.0-5 (bookworm) | 2023 | debian
CVE-2023-0795 [MEDIUM]: tiff - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Scope: local; bookworm: resolved (fixed in 4.5.0-5); bullseye: resolved (fixed in 4.2.0-1+deb11u4); forky: resolved (fixed in 4.5.0-5)

CVE-2023-0796 | MEDIUM | CVSS 6.8 | fixed in tiff 4.5.0-5 (bookworm) | 2023 | debian
CVE-2023-0796 [MEDIUM]: tiff - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Scope: local; bookworm: resolved (fixed in 4.5.0-5); bullseye: resolved (fixed in 4.2.0-1+deb11u4); forky: resolved (fixed in 4.5.0-5)

CVE-2023-0803 | MEDIUM | CVSS 6.8 | fixed in tiff 4.5.0-5 (bookworm) | 2023 | debian
CVE-2023-0803 [MEDIUM]: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Scope: local; bookworm: resolved (fixed in 4.5.0-5); bullseye: resolved (fixed in 4.2.0-1+deb11u4); forky: resolved (fixed in 4.5.0-5)

CVE-2023-40745 | MEDIUM | CVSS 6.5 | fixed in tiff 4.5.0-6+deb12u1 (bookworm) | 2023 | debian
CVE-2023-40745 [MEDIUM]: tiff - LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Scope: local; bookworm: resolved (fixed in 4.5.0-6+deb12u1); bullseye: resolved (fixed in 4.2.0-1+deb11u5); forky: resolved (fixed in