Debian Tiff vulnerabilities
269 known vulnerabilities affecting debian/tiff.
Total CVEs: 269
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 60
Vulnerabilities
Page 12 of 14
CVE-2012-5581 | MEDIUM | CVSS 6.8 | fixed in tiff 4.0.2-1 (bookworm) | 2012
CVE-2012-5581 [MEDIUM] CVE-2012-5581: tiff - Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote a...
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.2-1)
bullseye: resolved (fixed in 4.0.2-1)
forky: resolved (fixed in 4.0.2-1)
sid: resolved (fixed in 4.0.2-1)
trixie:
debian
CVE-2012-1173 | MEDIUM | CVSS 6.8 | fixed in tiff 4.0.1-2 (bookworm) | 2012
CVE-2012-1173 [MEDIUM] CVE-2012-1173: tiff - Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote atta...
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 4.0.1-2)
bullseye: resolved (fixed in 4.0.1-2)
debian
CVE-2012-3401 | MEDIUM | CVSS 6.8 | fixed in tiff 4.0.2-2 (bookworm) | 2012
CVE-2012-3401 [MEDIUM] CVE-2012-3401: tiff - The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 ...
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.
Scope:
debian
CVE-2012-4564 | MEDIUM | CVSS 6.8 | fixed in tiff 4.0.2-5 (bookworm) | 2012
CVE-2012-4564 [MEDIUM] CVE-2012-4564: tiff - ppm2tiff does not check the return value of the TIFFScanlineSize function, which...
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 4.0.2-5)
bullseye: resolved (fix
debian
CVE-2011-0192 | CRITICAL | CVSS 9.3 | fixed in tiff 3.9.4-7 (bookworm) | 2011
CVE-2011-0192 [CRITICAL] CVE-2011-0192: tiff - Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as u...
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXP
debian
CVE-2011-0191 | CRITICAL | CVSS 9.3 | fixed in tiff 3.9.4-1 (bookworm) | 2011
CVE-2011-0191 [CRITICAL] CVE-2011-0191: tiff - Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO...
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4
debian
CVE-2011-1167 | MEDIUM | CVSS 6.8 | fixed in tiff 3.9.4-9 (bookworm) | 2011
CVE-2011-1167 [MEDIUM] CVE-2011-1167: tiff - Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thund...
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
Scope: local
bookworm: resolved (fixed in 3.9.4-9)
bullseye: resolved (fixed in 3.9.4-9)
forky: resolved (fixed
debian
CVE-2010-2233 | HIGH | CVSS 7.5 | fixed in tiff 3.9.4-2 (bookworm) | 2010
CVE-2010-2233 [HIGH] CVE-2010-2233: tiff - tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageM...
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."
Scope: local
bookworm: resolved (fixed in 3.9.4-2)
bullseye: resol
debian
CVE-2010-2597 | MEDIUM | CVSS 4.3 | fixed in tiff 3.9.6-1 (bookworm) | 2010
CVE-2010-2597 [MEDIUM] CVE-2010-2597: tiff - The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes inco...
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.
Scope: local
bookworm
debian
CVE-2010-2065 | MEDIUM | CVSS 6.8 | fixed in tiff 3.9.4-1 (bookworm) | 2010
CVE-2010-2065 [MEDIUM] CVE-2010-2065: tiff - Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote ...
Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved (fixed in 3.9.4-1)
sid: resolved (f
debian
CVE-2010-2630 | MEDIUM | CVSS 4.3 | PoC | fixed in tiff 3.9.6-1 (bookworm) | 2010
CVE-2010-2630 [MEDIUM] CVE-2010-2630: tiff - The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the d...
The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Scope: local
bookworm: resolved (fixed in 3.9.6-1)
bullseye: r
debian
CVE-2010-1411 | MEDIUM | CVSS 6.8 | fixed in tiff 3.9.4-1 (bookworm) | 2010
CVE-2010-1411 [MEDIUM] CVE-2010-1411: tiff - Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the F...
Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.
Scope: loca
debian
CVE-2010-2595 | MEDIUM | CVSS 4.3 | fixed in tiff 3.9.6-1 (bookworm) | 2010
CVE-2010-2595 [MEDIUM] CVE-2010-2595: tiff - The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, ...
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."
Scope: local
bookworm: resolved (fixed in 3.9.6-1)
b
debian
CVE-2010-2631 | MEDIUM | CVSS 4.3 | PoC | fixed in tiff 3.9.4-1 (bookworm) | 2010
CVE-2010-2631 [MEDIUM] CVE-2010-2631: tiff - LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF ...
LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (
debian
CVE-2010-2067 | MEDIUM | CVSS 6.8 | fixed in tiff 3.9.4-1 (bookworm) | 2010
CVE-2010-2067 [MEDIUM] CVE-2010-2067: tiff - Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirr...
Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: res
debian
CVE-2010-3087 | MEDIUM | CVSS 6.8 | fixed in tiff 3.9.4-5 (bookworm) | 2010
CVE-2010-3087 [MEDIUM] CVE-2010-3087: tiff - LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to caus...
LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 3.9.4-5)
bullseye: resolved (fixed in 3.9.4-5)
forky: resolved (fixed in 3.9.4-5)
sid: resolved (fixed in 3.9.4-5)
trixie: resolved (fixed in 3.9.
debian
CVE-2010-2598 | MEDIUM | CVSS 4.3 | fixed in tiff 3.9.4-1 (bookworm) | 2010
CVE-2010-2598 [MEDIUM] CVE-2010-2598: tiff - LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tif...
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye:
debian
CVE-2010-2481 | LOW | CVSS 4.3 | fixed in tiff 3.9.4-1 (bookworm) | 2010
CVE-2010-2481 [MEDIUM] CVE-2010-2481: tiff - The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unkno...
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved (fixed in 3.9.4-1)
debian
CVE-2010-2443 | LOW | CVSS 5.0 | fixed in tiff 3.9.4-1 (bookworm) | 2010
CVE-2010-2443 [MEDIUM] CVE-2010-2443: tiff - The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows r...
The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved (fix
debian
CVE-2010-2483 | LOW | CVSS 4.3 | fixed in tiff 3.9.4-4 (bookworm) | 2010
CVE-2010-2483 [MEDIUM] CVE-2010-2483: tiff - The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause ...
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.
Scope: local
bookworm: resolved (fixed in 3.9.4-4)
bullseye: resolved (fixed in 3.9.4-4)
forky: resolved (fixed in 3.9.4-4)
sid: resolved (fi
debian