Debian Tiff vulnerabilities
269 known vulnerabilities affecting debian/tiff.
Total CVEs: 269
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 60
Vulnerabilities
Page 10 of 14
CVE-2016-3625 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.3-1 (bookworm) | 2016
CVE-2016-3625 [MEDIUM] CVE-2016-3625: tiff - tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attack...
tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.3-1)
bullseye: resolved (fixed in 4.0.3-1)
forky: resolved (fixed in 4.0.3-1)
sid: resolved (fixed in 4.0.3-1)
trixie: resolved (fixed in 4.0.3-1)
debian
CVE-2016-10266 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.7-2 (bookworm) | 2016
CVE-2016-10266 [MEDIUM] CVE-2016-10266: tiff - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-ze...
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.
Scope: local
bookworm: resolved (fixed in 4.0.7-2)
bullseye: resolved (fixed in 4.0.7-2)
forky: resolved (fixed in 4.0.7-2)
sid: resolved (fixed in 4.0.7-2)
trixie: resolved (fixed in 4.0.7-2)
debian
CVE-2016-5318 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.6-3 (bookworm) | 2016
CVE-2016-5318 [MEDIUM] CVE-2016-5318: tiff - Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and ...
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3)
debian
CVE-2016-3619 | LOW | CVSS 6.5 | fixed in tiff 4.0.6-3 (bookworm) | 2016
CVE-2016-3619 [MEDIUM] CVE-2016-3619: tiff - The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4....
The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fix
debian
CVE-2016-9539 | LOW | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
CVE-2016-9539 [CRITICAL] CVE-2016-9539: tiff - tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIn...
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved (fixed in 4.0.7-1)
debian
CVE-2016-3622 | LOW | CVSS 6.5 | fixed in tiff 4.0.7-1 (bookworm) | 2016
CVE-2016-3622 [MEDIUM] CVE-2016-3622: tiff - The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and e...
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved (fixed i
debian
CVE-2016-10268 | LOW | CVSS 7.8 | fixed in tiff 4.0.7-2 (bookworm) | 2016
CVE-2016-10268 [HIGH] CVE-2016-10268: tiff - tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of ser...
tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.
Scope: local
bookworm: resolved (fixed in 4.0.7-2)
bullseye: resolved (fixed in 4.0.7-2)
forky: resolv
debian
CVE-2016-3623 | LOW | CVSS 7.5 | fixed in tiff 4.0.6-3 (bookworm) | 2016
CVE-2016-3623 [HIGH] CVE-2016-3623: tiff - The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause...
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3)
debian
CVE-2016-5323 | LOW | CVSS 7.5 | fixed in tiff 4.0.6-2 (bookworm) | 2016
CVE-2016-5323 [HIGH] CVE-2016-5323: tiff - The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers t...
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.
Scope: local
bookworm: resolved (fixed in 4.0.6-2)
bullseye: resolved (fixed in 4.0.6-2)
forky: resolved (fixed in 4.0.6-2)
sid: resolved (fixed in 4.0.6-2)
trixie: resolved (fixed in 4.0.6-2)
debian
CVE-2016-3658 | LOW | CVSS 7.5 | fixed in tiff 4.0.6-3 (bookworm) | 2016
CVE-2016-3658 [HIGH] CVE-2016-3658: tiff - The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffse...
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed
debian
CVE-2016-10371 | LOW | CVSS 5.5 | fixed in tiff 4.0.7-7 (bookworm) | 2016
CVE-2016-10371 [MEDIUM] CVE-2016-10371: tiff - The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4...
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 4.0.7-7)
bullseye: resolved (fixed in 4.0.7-7)
forky: resolved (fixed in 4.0.7-7)
sid: resolved (fixed in 4.0.7-7)
trixie:
debian
CVE-2016-3620 | LOW | CVSS 7.5 | fixed in tiff 4.0.6-3 (bookworm) | 2016
CVE-2016-3620 [HIGH] CVE-2016-3620: tiff - The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and ea...
The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3
debian
CVE-2016-9448 | LOW | CVSS 7.5 | 2016
CVE-2016-9448 [HIGH] CVE-2016-9448: tiff - The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to caus...
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.
Scope: local
bookworm: resolved
bullseye: resolved
debian
CVE-2016-3621 | LOW | CVSS 8.8 | fixed in tiff 4.0.6-3 (bookworm) | 2016
CVE-2016-3621 [HIGH] CVE-2016-3621: tiff - The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and ea...
The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3
debian
CVE-2015-7554 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-7 (bookworm) | 2015
CVE-2015-7554 [CRITICAL] CVE-2015-7554: tiff - The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to ca...
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.7-7)
bullseye: resolved (fixed in 4.0.7-7)
forky: resolved (fixed in 4.0.7-7)
sid: r
debian
CVE-2015-8668 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.6-3 (bookworm) | 2015
CVE-2015-8668 [CRITICAL] CVE-2015-8668: tiff - Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c i...
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: r
debian
CVE-2015-8870 | HIGH | CVSS 7.4 | fixed in tiff 4.0.3-12 (bookworm) | 2015
CVE-2015-8870 [HIGH] CVE-2015-8870: tiff - Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attac...
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
Scope: local
bookworm: resolved (fixed in 4.0.3-12)
bullseye: resolved (fixed in 4.0.3-12)
for
debian
CVE-2015-7313 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.7-1 (bookworm) | 2015
CVE-2015-7313 [MEDIUM] CVE-2015-7313: tiff - LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memor...
LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved (fixed in 4.0.7-1)
debian
CVE-2015-8782 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.6-1 (bookworm) | 2015
CVE-2015-8782 [MEDIUM] CVE-2015-8782: tiff - tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bound...
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
Scope: local
bookworm: resolved (fixed in 4.0.6-1)
bullseye: resolved (fixed in 4.0.6-1)
forky: resolved (fixed in 4.0.6-1)
sid: resolved (fixed in 4.0.6-1)
trixie: resolved (fixed in 4.0.6-1)
debian
CVE-2015-8784 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.6-1 (bookworm) | 2015
CVE-2015-8784 [MEDIUM] CVE-2015-8784: tiff - The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to caus...
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
Scope: local
bookworm: resolved (fixed in 4.0.6-1)
bullseye: resolved (fixed in 4.0.6-1)
forky: resolved (fixed in 4.0.6-1)
sid: resolved (fixed in 4.0.6-1)
trixie: resolved (fixed in 4.0.
debian