Debian Tiff vulnerabilities
264 known vulnerabilities affecting debian/tiff.
Total CVEs
264
CISA KEV
0
Public exploits
16
Exploited in wild
0
Severity breakdown
CRITICAL16HIGH65MEDIUM128LOW55
Vulnerabilities
Page 12 of 14
CVE-2023-0803P4MEDIUMCVSS 6.8fixed in tiff 4.5.0-5 (bookworm)2023
CVE-2023-0803 [MEDIUM] CVE-2023-0803: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, a...
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Scope: local
bookworm: resolved (fixed in 4.5.0-5)
bullseye: resolved (fixed in 4.2.0-1+deb11u4)
forky: resolved (fixed in 4.5.0-5)
debian
CVE-2023-0802P4MEDIUMCVSS 6.8fixed in tiff 4.5.0-5 (bookworm)2023
CVE-2023-0802 [MEDIUM] CVE-2023-0802: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, a...
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Scope: local
bookworm: resolved (fixed in 4.5.0-5)
bullseye: resolved (fixed in 4.2.0-1+deb11u4)
forky: resolved (fixed in 4.5.0-5)
debian
CVE-2023-0804P4MEDIUMCVSS 6.8fixed in tiff 4.5.0-5 (bookworm)2023
CVE-2023-0804 [MEDIUM] CVE-2023-0804: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, a...
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Scope: local
bookworm: resolved (fixed in 4.5.0-5)
bullseye: resolved (fixed in 4.2.0-1+deb11u4)
forky: resolved (fixed in 4.5.0-5)
debian
CVE-2023-0800P4MEDIUMCVSS 6.8fixed in tiff 4.5.0-5 (bookworm)2023
CVE-2023-0800 [MEDIUM] CVE-2023-0800: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, a...
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
Scope: local
bookworm: resolved (fixed in 4.5.0-5)
bullseye: resolved (fixed in 4.2.0-1+deb11u4)
forky: resolved (fixed in 4.5.0-5)
debian
CVE-2022-4645P4MEDIUMCVSS 6.8fixed in tiff 4.4.0-5 (bookworm)2022
CVE-2022-4645 [MEDIUM] CVE-2022-4645: tiff - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowin...
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
Scope: local
bookworm: resolved (fixed in 4.4.0-5)
bullseye: resolved (fixed in 4.2.0-1+deb11u3)
forky: resolved (fixed in 4.4.0-5)
sid:
debian
CVE-2023-0797P4MEDIUMCVSS 6.8fixed in tiff 4.5.0-5 (bookworm)2023
CVE-2023-0797 [MEDIUM] CVE-2023-0797: tiff - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, i...
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
Scope: local
bookworm: resolved (fixed in 4.5.0-5)
bullseye: resolved (
debian
CVE-2022-1623P4MEDIUMCVSS 5.5fixed in tiff 4.4.0~rc1-1 (bookworm)2022
CVE-2022-1623 [MEDIUM] CVE-2022-1623: tiff - LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw....
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Scope: local
bookworm: resolved (fixed in 4.4.0~rc1-1)
bullseye: resolved (fixed in 4.2.0-1+deb11u3)
forky: resolved (fixed
debian
CVE-2023-2908P4MEDIUMCVSS 5.5fixed in tiff 4.5.0-6+deb12u2 (bookworm)2023
CVE-2023-2908 [MEDIUM] CVE-2023-2908: tiff - A null pointer dereference issue was found in Libtiff's tif_dir.c file. This iss...
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
Scope: local
bookworm: resolved (fixed in 4.5.0-6+deb12u2)
bul
debian
CVE-2023-26965P4MEDIUMCVSS 5.5fixed in tiff 4.5.0-6+deb12u2 (bookworm)2023
CVE-2023-26965 [MEDIUM] CVE-2023-26965: tiff - loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use af...
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 4.5.0-6+deb12u2)
bullseye: resolved (fixed in 4.2.0-1+deb11u6)
forky: resolved (fixed in 4.5.1~rc3-1)
sid: resolved (fixed in 4.5.1~rc3-1)
trixie: resolved (fixed in 4.5.1~rc3-1)
debian
CVE-2023-3576P4MEDIUMCVSS 5.5fixed in tiff 4.5.0-6+deb12u1 (bookworm)2023
CVE-2023-3576 [MEDIUM] CVE-2023-3576: tiff - A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs wh...
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.
Scope: local
bookworm: resolved (fixed in 4.5.0-6+deb12u1)
b
debian
CVE-2023-3164P4LOWCVSS 5.5fixed in tiff 4.7.0-1 (forky)2023
CVE-2023-3164 [MEDIUM] CVE-2023-3164: tiff - A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSectio...
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 4.7.0-1)
sid: resolved (fixed in 4.7.0-1)
trixie: resolved (fixed in 4.7.0-1)
debian
CVE-2020-18768P4MEDIUMCVSS 5.5fixed in tiff 4.0.10+git190814-1 (bookworm)2020
CVE-2020-18768 [MEDIUM] CVE-2020-18768: tiff - There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4....
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.
Scope: local
bookworm: resolved (fixed in 4.0.10+git190814-1)
bullseye: resolved (fixed in 4.0.10+git190814-1)
forky: resolved (fixed in 4.0.10+git190814-1)
sid: resolved (fixed in 4.0.10+git190814-1)
debian
CVE-2025-61145P4LOWCVSS 5.0fixed in tiff 4.7.1-1 (forky)2025
CVE-2025-61145 [MEDIUM] CVE-2025-61145: tiff - libtiff up to v4.7.1 was discovered to contain a double free via the component t...
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 4.7.1-1)
sid: resolved (fixed in 4.7.1-1)
trixie: open
debian
CVE-2016-10266P4MEDIUMCVSS 5.5fixed in tiff 4.0.7-2 (bookworm)2016
CVE-2016-10266 [MEDIUM] CVE-2016-10266: tiff - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-ze...
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.
Scope: local
bookworm: resolved (fixed in 4.0.7-2)
bullseye: resolved (fixed in 4.0.7-2)
forky: resolved (fixed in 4.0.7-2)
sid: resolved (fixed in 4.0.7-2)
trixie: resolved (fixed in 4.0.7-2)
debian
CVE-2022-0924P4MEDIUMCVSS 5.5fixed in tiff 4.3.0-6 (bookworm)2022
CVE-2022-0924 [MEDIUM] CVE-2022-0924: tiff - Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a ...
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
Scope: local
bookworm: resolved (fixed in 4.3.0-6)
bullseye: resolved (fixed in 4.2.0-1+deb11u1)
forky: resolved (fixed in 4.3.0-6)
sid: resolved (fixed in 4.3.
debian
CVE-2022-0909P4MEDIUMCVSS 5.5fixed in tiff 4.3.0-6 (bookworm)2022
CVE-2022-0909 [MEDIUM] CVE-2022-0909: tiff - Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a de...
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
Scope: local
bookworm: resolved (fixed in 4.3.0-6)
bullseye: resolved (fixed in 4.2.0-1+deb11u1)
forky: resolved (fixed in 4.3.0-6)
sid: resolved (fixed in 4.3.0-
debian
CVE-2022-0907P4MEDIUMCVSS 5.5fixed in tiff 4.3.0-6 (bookworm)2022
CVE-2022-0907 [MEDIUM] CVE-2022-0907: tiff - Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 ...
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
Scope: local
bookworm: resolved (fixed in 4.3.0-6)
bullseye: resolved (fixed in 4.2.0-1+deb11u1)
forky: resolved (fixed in 4.3.0-6)
debian
CVE-2016-10371P4LOWCVSS 5.5fixed in tiff 4.0.7-7 (bookworm)2016
CVE-2016-10371 [MEDIUM] CVE-2016-10371: tiff - The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4...
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 4.0.7-7)
bullseye: resolved (fixed in 4.0.7-7)
forky: resolved (fixed in 4.0.7-7)
sid: resolved (fixed in 4.0.7-7)
trixie:
debian
CVE-2023-6228P4LOWCVSS 3.3fixed in tiff 4.7.0-1 (forky)2023
CVE-2023-6228 [LOW] CVE-2023-6228: tiff - An issue was found in the tiffcp utility distributed by the libtiff package wher...
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 4.7.0-1)
sid: resolved (fixed in 4.7.0-1)
trixie: resolved (fixed in 4.7.0-1)
debian
CVE-2022-2953P4LOWCVSS 5.5fixed in tiff 4.4.0-6 (bookworm)2022
CVE-2022-2953 [MEDIUM] CVE-2022-2953: tiff - LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop...
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.
Scope: local
bookworm: resolved (fixed in 4.4.0-6)
bullseye: resolved (fixed in 4.2.0-1+deb11u3)
forky: resolved (fixed i
debian