cbcvebase.

Debian Tiff vulnerabilities

264 known vulnerabilities affecting debian/tiff.

Total CVEs
264
CISA KEV
0
Public exploits
16
Exploited in wild
0
Severity breakdown
CRITICAL16HIGH65MEDIUM128LOW55

Vulnerabilities

Page 12 of 14
CVE-2023-0803P4MEDIUMCVSS 6.8fixed in tiff 4.5.0-5 (bookworm)2023
CVE-2023-0803 [MEDIUM] CVE-2023-0803: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, a... LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u4) forky: resolved (fixed in 4.5.0-5)
debian
CVE-2023-0802P4MEDIUMCVSS 6.8fixed in tiff 4.5.0-5 (bookworm)2023
CVE-2023-0802 [MEDIUM] CVE-2023-0802: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, a... LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u4) forky: resolved (fixed in 4.5.0-5)
debian
CVE-2023-0804P4MEDIUMCVSS 6.8fixed in tiff 4.5.0-5 (bookworm)2023
CVE-2023-0804 [MEDIUM] CVE-2023-0804: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, a... LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u4) forky: resolved (fixed in 4.5.0-5)
debian
CVE-2023-0800P4MEDIUMCVSS 6.8fixed in tiff 4.5.0-5 (bookworm)2023
CVE-2023-0800 [MEDIUM] CVE-2023-0800: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, a... LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u4) forky: resolved (fixed in 4.5.0-5)
debian
CVE-2022-4645P4MEDIUMCVSS 6.8fixed in tiff 4.4.0-5 (bookworm)2022
CVE-2022-4645 [MEDIUM] CVE-2022-4645: tiff - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowin... LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. Scope: local bookworm: resolved (fixed in 4.4.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u3) forky: resolved (fixed in 4.4.0-5) sid:
debian
CVE-2023-0797P4MEDIUMCVSS 6.8fixed in tiff 4.5.0-5 (bookworm)2023
CVE-2023-0797 [MEDIUM] CVE-2023-0797: tiff - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, i... LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (
debian
CVE-2022-1623P4MEDIUMCVSS 5.5fixed in tiff 4.4.0~rc1-1 (bookworm)2022
CVE-2022-1623 [MEDIUM] CVE-2022-1623: tiff - LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.... LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. Scope: local bookworm: resolved (fixed in 4.4.0~rc1-1) bullseye: resolved (fixed in 4.2.0-1+deb11u3) forky: resolved (fixed
debian
CVE-2023-2908P4MEDIUMCVSS 5.5fixed in tiff 4.5.0-6+deb12u2 (bookworm)2023
CVE-2023-2908 [MEDIUM] CVE-2023-2908: tiff - A null pointer dereference issue was found in Libtiff's tif_dir.c file. This iss... A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. Scope: local bookworm: resolved (fixed in 4.5.0-6+deb12u2) bul
debian
CVE-2023-26965P4MEDIUMCVSS 5.5fixed in tiff 4.5.0-6+deb12u2 (bookworm)2023
CVE-2023-26965 [MEDIUM] CVE-2023-26965: tiff - loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use af... loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. Scope: local bookworm: resolved (fixed in 4.5.0-6+deb12u2) bullseye: resolved (fixed in 4.2.0-1+deb11u6) forky: resolved (fixed in 4.5.1~rc3-1) sid: resolved (fixed in 4.5.1~rc3-1) trixie: resolved (fixed in 4.5.1~rc3-1)
debian
CVE-2023-3576P4MEDIUMCVSS 5.5fixed in tiff 4.5.0-6+deb12u1 (bookworm)2023
CVE-2023-3576 [MEDIUM] CVE-2023-3576: tiff - A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs wh... A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. Scope: local bookworm: resolved (fixed in 4.5.0-6+deb12u1) b
debian
CVE-2023-3164P4LOWCVSS 5.5fixed in tiff 4.7.0-1 (forky)2023
CVE-2023-3164 [MEDIUM] CVE-2023-3164: tiff - A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSectio... A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 4.7.0-1) sid: resolved (fixed in 4.7.0-1) trixie: resolved (fixed in 4.7.0-1)
debian
CVE-2020-18768P4MEDIUMCVSS 5.5fixed in tiff 4.0.10+git190814-1 (bookworm)2020
CVE-2020-18768 [MEDIUM] CVE-2020-18768: tiff - There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.... There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. Scope: local bookworm: resolved (fixed in 4.0.10+git190814-1) bullseye: resolved (fixed in 4.0.10+git190814-1) forky: resolved (fixed in 4.0.10+git190814-1) sid: resolved (fixed in 4.0.10+git190814-1)
debian
CVE-2025-61145P4LOWCVSS 5.0fixed in tiff 4.7.1-1 (forky)2025
CVE-2025-61145 [MEDIUM] CVE-2025-61145: tiff - libtiff up to v4.7.1 was discovered to contain a double free via the component t... libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 4.7.1-1) sid: resolved (fixed in 4.7.1-1) trixie: open
debian
CVE-2016-10266P4MEDIUMCVSS 5.5fixed in tiff 4.0.7-2 (bookworm)2016
CVE-2016-10266 [MEDIUM] CVE-2016-10266: tiff - LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-ze... LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. Scope: local bookworm: resolved (fixed in 4.0.7-2) bullseye: resolved (fixed in 4.0.7-2) forky: resolved (fixed in 4.0.7-2) sid: resolved (fixed in 4.0.7-2) trixie: resolved (fixed in 4.0.7-2)
debian
CVE-2022-0924P4MEDIUMCVSS 5.5fixed in tiff 4.3.0-6 (bookworm)2022
CVE-2022-0924 [MEDIUM] CVE-2022-0924: tiff - Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a ... Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. Scope: local bookworm: resolved (fixed in 4.3.0-6) bullseye: resolved (fixed in 4.2.0-1+deb11u1) forky: resolved (fixed in 4.3.0-6) sid: resolved (fixed in 4.3.
debian
CVE-2022-0909P4MEDIUMCVSS 5.5fixed in tiff 4.3.0-6 (bookworm)2022
CVE-2022-0909 [MEDIUM] CVE-2022-0909: tiff - Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a de... Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. Scope: local bookworm: resolved (fixed in 4.3.0-6) bullseye: resolved (fixed in 4.2.0-1+deb11u1) forky: resolved (fixed in 4.3.0-6) sid: resolved (fixed in 4.3.0-
debian
CVE-2022-0907P4MEDIUMCVSS 5.5fixed in tiff 4.3.0-6 (bookworm)2022
CVE-2022-0907 [MEDIUM] CVE-2022-0907: tiff - Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 ... Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. Scope: local bookworm: resolved (fixed in 4.3.0-6) bullseye: resolved (fixed in 4.2.0-1+deb11u1) forky: resolved (fixed in 4.3.0-6)
debian
CVE-2016-10371P4LOWCVSS 5.5fixed in tiff 4.0.7-7 (bookworm)2016
CVE-2016-10371 [MEDIUM] CVE-2016-10371: tiff - The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4... The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. Scope: local bookworm: resolved (fixed in 4.0.7-7) bullseye: resolved (fixed in 4.0.7-7) forky: resolved (fixed in 4.0.7-7) sid: resolved (fixed in 4.0.7-7) trixie:
debian
CVE-2023-6228P4LOWCVSS 3.3fixed in tiff 4.7.0-1 (forky)2023
CVE-2023-6228 [LOW] CVE-2023-6228: tiff - An issue was found in the tiffcp utility distributed by the libtiff package wher... An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 4.7.0-1) sid: resolved (fixed in 4.7.0-1) trixie: resolved (fixed in 4.7.0-1)
debian
CVE-2022-2953P4LOWCVSS 5.5fixed in tiff 4.4.0-6 (bookworm)2022
CVE-2022-2953 [MEDIUM] CVE-2022-2953: tiff - LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop... LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. Scope: local bookworm: resolved (fixed in 4.4.0-6) bullseye: resolved (fixed in 4.2.0-1+deb11u3) forky: resolved (fixed i
debian
Debian Tiff vulnerabilities | cvebase