Debian Tiff vulnerabilities
264 known vulnerabilities affecting debian/tiff.
Total CVEs: 264
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 55
Vulnerabilities
Page 10 of 14

CVE-2018-10801 | P4 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.6-3 (bookworm) | 2018
TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3)

CVE-2022-40090 | P4 | MEDIUM | CVSS 6.5 | fixed in tiff 4.5.0-2 (bookworm) | 2022
An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 4.5.0-2)
bullseye: open
forky: resolved (fixed in 4.5.0-2)
sid: resolved (fixed in 4.5.0-2)
trixie: resolved (fixed in 4.5.0-2)

CVE-2014-9330 | P4 | MEDIUM | CVSS 5.0 | fixed in tiff 4.0.3-12 (bookworm) | 2014
Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 4.0.3-12)
bullseye: resolved (fixed in 4.0.3-12)
forky: resolved (fixed in 4.0.3-12)
sid: resolved (fixed in 4.0.3-12)
tr

CVE-2004-1183 | P4 | MEDIUM | CVSS 5.1 | fixed in tiff 3.6.1-5 (bookworm) | 2004
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 3.6.1-5)
bullseye: resolved (fixed in 3.6.1-5)
forky: resolved (fixed in 3.6.1-5)
sid: resolved (fixed in 3.6.1-5)
trixie: r

CVE-2022-48281 | P4 | MEDIUM | CVSS 5.5 | fixed in tiff 4.5.0-4 (bookworm) | 2022
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 4.5.0-4)
bullseye: resolved (fixed in 4.2.0-1+deb11u3)
forky: resolved (fixed in 4.5.0-4)
sid: resolved (fixed in 4.5.0-4)
trixie: resolved (fixed in 4.5.0-4)

CVE-2016-3186 | P4 | MEDIUM | CVSS 6.2 | fixed in tiff 4.0.6-3 (bookworm) | 2016
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3)

CVE-2017-9815 | P4 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.8-1 (bookworm) | 2017
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
Scope: local
bookworm: resolved (fixed in 4.0.8-1)
bullseye: resolved (fixed in 4.0.8-1)
forky: resolved (fixed in 4.0.8-1)
s

CVE-2016-9273 | P4 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.7-1 (bookworm) | 2016
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved (fixed in 4.0.7-1)

CVE-2015-8683 | P4 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.6-1 (bookworm) | 2015
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.6-1)
bullseye: resolved (fixed in 4.0.6-1)
forky: resolved (fixed in 4.0.6-1)
sid: resolved (fixed in 4.0.6-1)
trixie: resolved (fixed in 4.0.6-1)

CVE-2016-5315 | P4 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.6-2 (bookworm) | 2016
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
Scope: local
bookworm: resolved (fixed in 4.0.6-2)
bullseye: resolved (fixed in 4.0.6-2)
forky: resolved (fixed in 4.0.6-2)
sid: resolved (fixed in 4.0.6-2)
trixie: resolved (fixed in 4.0.6-2)

CVE-2017-9404 | P4 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.8-1 (bookworm) | 2017
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
Scope: local
bookworm: resolved (fixed in 4.0.8-1)
bullseye: resolved (fixed in 4.0.8-1)
forky: resolved (fixed in 4.0.8-1)
sid: resolved (fixed in 4.0.8-1)
trixie: resolved (f

CVE-2017-9403 | P4 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.8-1 (bookworm) | 2017
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
Scope: local
bookworm: resolved (fixed in 4.0.8-1)
bullseye: resolved (fixed in 4.0.8-1)
forky: resolved (fixed in 4.0.8-1)
sid: resolved (fixed in 4.0.8-1)
trixie: resolved (fixed i

CVE-2015-8665 | P4 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.6-1 (bookworm) | 2015
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.6-1)
bullseye: resolved (fixed in 4.0.6-1)
forky: resolved (fixed in 4.0.6-1)
sid: resolved (fixed in 4.0.6-1)
trixie: resolved (fixed in 4.0.6-1)

CVE-2016-5102 | P4 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.6-3 (bookworm) | 2016
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (f

CVE-2016-9532 | P4 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.7-1 (bookworm) | 2016
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved

CVE-2023-1916 | P4 | LOW | CVSS 6.1 | fixed in tiff 4.7.0-1 (forky) | 2023
CVE-2023-1916 [MEDIUM] CVE-2023-1916: tiff - A flaw was found in tiffcrop, a program distributed by the libtiff package. A sp...
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixe

CVE-2022-1622 | P4 | MEDIUM | CVSS 5.5 | fixed in tiff 4.4.0~rc1-1 (bookworm) | 2022
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Scope: local
bookworm: resolved (fixed in 4.4.0~rc1-1)
bullseye: resolved (fixed in 4.2.0-1+deb11u3)
forky: resolved (fixed

CVE-2020-35522 | P4 | LOW | CVSS 5.5 | fixed in tiff 4.1.0+git201212-1 (bookworm) | 2020
CVE-2020-35522 [MEDIUM] CVE-2020-35522: tiff - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF d...
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
Scope: local
bookworm: resolved (fixed in 4.1.0+git201212-1)
bullseye: resolved (fixed in 4.1.0+git201212-1)
forky: resolved (fixed in 4.1.0+git201212-1)
sid: resolved (fixed in 4.1.0+git201212-1)
trixie: resolv

CVE-2016-5322 | P4 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.7-1 (bookworm) | 2016
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved (fixed in 4.0.7-1)

CVE-2022-2867 | P4 | MEDIUM | CVSS 5.5 | fixed in tiff 4.4.0~rc1-1 (bookworm) | 2022
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
Scope: local
bookworm: resolved (fixed in 4.4.0~rc1-1)
bullseye: resolved (fixed in 4