Debian Tiff vulnerabilities
269 known vulnerabilities affecting debian/tiff.
Total CVEs: 269
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 60
Vulnerabilities
Page 11 of 14
CVE-2015-1547 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.3-12.1 (bookworm) | 2015
CVE-2015-1547 [MEDIUM] CVE-2015-1547: tiff - The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to caus...
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.
Scope: local
bookworm: resolved (fixed in 4.0.3-12.1)
bullseye: resolved (fixed in 4.0.3-12.1)
forky: resolved (fixed in 4.0.3-12.1)
sid: resolved (fixed in 4.0.3-12.1)
trixie: res
debian
CVE-2015-8683 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.6-1 (bookworm) | 2015
CVE-2015-8683 [MEDIUM] CVE-2015-8683: tiff - The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remot...
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.6-1)
bullseye: resolved (fixed in 4.0.6-1)
forky: resolved (fixed in 4.0.6-1)
sid: resolved (fixed in 4.0.6-1)
trixie: resolved (fixed in 4.0.6-1)
debian
CVE-2015-8781 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.6-1 (bookworm) | 2015
CVE-2015-8781 [MEDIUM] CVE-2015-8781: tiff - tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bound...
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
Scope: local
bookworm: resolved (fixed in 4.0.6-1)
bullseye: resolved (fixed in 4.0.6-1)
forky: resolved (fixed in 4.0.6-1)
sid: resolved (fixed in 4.0.6-1)
tri
debian
CVE-2015-8665 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.6-1 (bookworm) | 2015
CVE-2015-8665 [MEDIUM] CVE-2015-8665: tiff - tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of ser...
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.6-1)
bullseye: resolved (fixed in 4.0.6-1)
forky: resolved (fixed in 4.0.6-1)
sid: resolved (fixed in 4.0.6-1)
trixie: resolved (fixed in 4.0.6-1)
debian
CVE-2015-8783 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.6-1 (bookworm) | 2015
CVE-2015-8783 [MEDIUM] CVE-2015-8783: tiff - tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bound...
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.6-1)
bullseye: resolved (fixed in 4.0.6-1)
forky: resolved (fixed in 4.0.6-1)
sid: resolved (fixed in 4.0.6-1)
trixie: resolved (fixed in 4.0.6-1)
debian
CVE-2014-8129 | HIGH | CVSS 8.8 | fixed in tiff 4.0.3-12.1 (bookworm) | 2014
CVE-2014-8129 [HIGH] CVE-2014-8129: tiff - LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bound...
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
Scope: local
bookworm: resolved (fixed in 4.0.3-12.1)
bullseye:
debian
CVE-2014-9330 | MEDIUM | CVSS 5.0 | fixed in tiff 4.0.3-12 (bookworm) | 2014
CVE-2014-9330 [MEDIUM] CVE-2014-9330: tiff - Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote att...
Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 4.0.3-12)
bullseye: resolved (fixed in 4.0.3-12)
forky: resolved (fixed in 4.0.3-12)
sid: resolved (fixed in 4.0.3-12)
tr
debian
CVE-2014-9655 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.3-12.1 (bookworm) | 2014
CVE-2014-9655 [MEDIUM] CVE-2014-9655: tiff - The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode fu...
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
Scope: local
bookworm: resolved (fixed in 4.0.3-12.1)
bullseye: resolved (fixed in 4.0.3-1
debian
CVE-2014-8128 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.3-12.3 (bookworm) | 2014
CVE-2014-8128 [MEDIUM] CVE-2014-8128: tiff - LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 ...
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.3-12.3)
bullseye: resolved (fixed in 4.0.3-12.3)
forky: resolved (fixed in 4.0.3-12.3)
sid: resolved (fixed in 4.0.3-12.3)
t
debian
CVE-2014-8130 | LOW | CVSS 6.5 | fixed in tiff 4.0.5-1 (bookworm) | 2014
CVE-2014-8130 [MEDIUM] CVE-2014-8130: tiff - The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero s...
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
Scope: local
bookworm: resolved (fixed in 4.0.5-1)
bullse
debian
CVE-2014-8127 | LOW | CVSS 6.5 | fixed in tiff 4.0.6-3 (bookworm) | 2014
CVE-2014-8127 [MEDIUM] CVE-2014-8127: tiff - LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bound...
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c i
debian
CVE-2013-1960 | CRITICAL | CVSS 9.3 | fixed in tiff 4.0.2-6+nmu1 (bookworm) | 2013
CVE-2013-1960 [CRITICAL] CVE-2013-1960: tiff - Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in...
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
Scope: local
bookworm: resolved (fixed in 4.0.2-6+nmu1)
bullseye: resolved (fixed in 4.0.2-6+nmu1)
forky: resolved (fixed in 4.0.2-6+n
debian
CVE-2013-1961 | CRITICAL | CVSS 9.3 | fixed in tiff 4.0.2-6+nmu1 (bookworm) | 2013
CVE-2013-1961 [CRITICAL] CVE-2013-1961: tiff - Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in li...
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
Scope: local
bookworm: resolved (fixed in 4.0.2-6+nmu1)
bullseye: resolved (fixed in 4.0.2-6+nmu1)
forky: resolved (fixed in 4.0.2-6+
debian
CVE-2013-4244 | MEDIUM | CVSS 6.8 | fixed in tiff 4.0.3-3 (bookworm) | 2013
CVE-2013-4244 [MEDIUM] CVE-2013-4244: tiff - The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows co...
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
Scope: local
bookworm: resolved (fixed in 4.0.3-3)
bullseye: resolved (fixed in 4.0.3-3)
forky: resolved (fixed in 4.0.3-3)
sid: resolved (fixed
debian
CVE-2013-4231 | MEDIUM | CVSS 4.3 | fixed in tiff 4.0.3-2 (bookworm) | 2013
CVE-2013-4231 [MEDIUM] CVE-2013-4231: tiff - Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to caus...
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the
debian
CVE-2013-4232 | MEDIUM | CVSS 6.8 | fixed in tiff 4.0.3-2 (bookworm) | 2013
CVE-2013-4232 [MEDIUM] CVE-2013-4232: tiff - Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/ti...
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.3-2)
bullseye: resolved (fixed in 4.0.3-2)
forky: resolved (fixed in 4.0.3-2)
sid: resolved (fixe
debian
CVE-2013-4243 | LOW | CVSS 6.8 | fixed in tiff 4.0.3-9 (bookworm) | 2013
CVE-2013-4243 [MEDIUM] CVE-2013-4243: tiff - Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in ...
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.
Scope: local
bookworm: resolved (fixed in 4.0.3-9)
bullseye: resolved (fixed in 4.0.3-9)
forky: resolved (fixed in
debian
CVE-2012-2088 | HIGH | CVSS 7.5 | fixed in tiff 4.0-1 (bookworm) | 2012
CVE-2012-2088 [HIGH] CVE-2012-2088: tiff - Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in l...
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
Sc
debian
CVE-2012-4447 | MEDIUM | CVSS 6.8 | fixed in tiff 4.0.2-4 (bookworm) | 2012
CVE-2012-4447 [MEDIUM] CVE-2012-4447: tiff - Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remo...
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.
Scope: local
bookworm: resolved (fixed in 4.0.2-4)
bullseye: resolved (fixed in 4.0.2-4)
forky: resolved (fixed in 4.0.2-4)
sid:
debian
CVE-2012-2113 | MEDIUM | CVSS 6.8 | fixed in tiff 4.0.2-1 (bookworm) | 2012
CVE-2012-2113 [MEDIUM] CVE-2012-2113: tiff - Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote atta...
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 4.0.2-1)
bullseye: resolved (fixed in 4.0.2-1)
forky: resolved (fixed in 4.0.2-1)
sid: r
debian