Debian Tiff vulnerabilities
269 known vulnerabilities affecting debian/tiff.
Total CVEs: 269
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 60
Vulnerabilities
Page 13 of 14
CVE-2010-4665 | LOW | CVSS 4.3 | 2010
CVE-2010-4665 [MEDIUM] CVE-2010-4665: tiff - Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibT...
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
s
CVE-2010-2482 | LOW | CVSS 5.0 | PoC | fixed in tiff 3.9.4-1 (bookworm) | 2010
CVE-2010-2482 [MEDIUM] CVE-2010-2482: tiff - LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount ...
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
Scope: local
bookworm: resolved (fixed in 3.9.4-1)
bullseye: resolved (fixed in 3.9.4-1)
forky: resolved
CVE-2010-2596 | LOW | CVSS 4.3 | fixed in tiff 4.0.6-1 (bookworm) | 2010
CVE-2010-2596 [MEDIUM] CVE-2010-2596: tiff - The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used ...
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."
Scope: local
bookworm: resolved (fixed in 4.0.6-1)
bullseye: resolved (fixed in 4.0.6-1)
forky: resolved (fixed in 4.0.6-
CVE-2009-2347 | CRITICAL | CVSS 9.3 | fixed in tiff 3.8.2-13 (bookworm) | 2009
CVE-2009-2347 [CRITICAL] CVE-2009-2347: tiff - Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8...
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
Scope:
CVE-2009-5022 | MEDIUM | CVSS 6.8 | PoC | fixed in tiff 3.9.5-1 (bookworm) | 2009
CVE-2009-5022 [MEDIUM] CVE-2009-5022: tiff - Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before...
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 3.9.5-1)
bullseye: resolved (fixed in 3.9.5-1)
forky: resolved (fixed in 3.9.5-1)
sid: resolved (fixed in 3.9.5-1)
trixie: resolved (fixed in 3.9.5-1)
CVE-2009-2285 | LOW | CVSS 6.8 | PoC | fixed in tiff 3.8.2-12 (bookworm) | 2009
CVE-2009-2285 [MEDIUM] CVE-2009-2285: tiff - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context...
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Scope: local
bookworm: resolved (fixed in 3.8.2-12)
bullseye: resolved (fixed in 3.8.2-12)
forky: resolved (fixed in 3.8.2-12)
sid: resolved (fixed in 3.8.2-12)
CVE-2008-2327 | MEDIUM | CVSS 6.8 | fixed in tiff 3.8.2-11 (bookworm) | 2008
CVE-2008-2327 [MEDIUM] CVE-2008-2327: tiff - Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZ...
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
Scope: local
bookworm: resolved (fixed in 3.8.2-11)
bullseye: resolv
CVE-2006-3463 | HIGH | CVSS 7.8 | fixed in tiff 3.8.2-6 (bookworm) | 2006
CVE-2006-3463 [HIGH] CVE-2006-3463: tiff - The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses...
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.
Scope: local
bookworm: resolved (fixed in 3.8.2-6)
bullseye: resolved (fixed in 3.8.2-6)
CVE-2006-3465 | HIGH | CVSS 7.5 | fixed in tiff 3.8.2-6 (bookworm) | 2006
CVE-2006-3465 [HIGH] CVE-2006-3465: tiff - Unspecified vulnerability in the custom tag support for the TIFF library (libtif...
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
Scope: local
bookworm: resolved (fixed in 3.8.2-6)
bullseye: resolved (fixed in 3.8.2-6)
forky: resolved (fixed in 3.8.2-6)
sid: resolved (fixed in 3.8.2
CVE-2006-3464 | HIGH | CVSS 7.5 | fixed in tiff 3.8.2-6 (bookworm) | 2006
CVE-2006-3464 [HIGH] CVE-2006-3464: tiff - TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass n...
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".
Scope: local
bookworm: resolved (fixed in 3.8.2-6)
bullseye: resolv
CVE-2006-3461 | HIGH | CVSS 7.5 | fixed in tiff 3.8.2-6 (bookworm) | 2006
CVE-2006-3461 [HIGH] CVE-2006-3461: tiff - Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff)...
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
Scope: local
bookworm: resolved (fixed in 3.8.2-6)
bullseye: resolved (fixed in 3.8.2-6)
forky: resolved (fixed in 3.8.2-6)
sid: resolved (fixed in 3.8.2-6)
trixie: resolved (fixed in 3.8.2-6)
CVE-2006-3460 | HIGH | CVSS 7.5 | fixed in tiff 3.8.2-6 (bookworm) | 2006
CVE-2006-3460 [HIGH] CVE-2006-3460: tiff - Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) bef...
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).
Scope: local
bookworm: resolved (fixed in 3.8.2-6)
bullseye: resolved (fixed in 3.8.2-6)
forky: r
CVE-2006-3459 | HIGH | CVSS 7.5 | PoC | fixed in tiff 3.8.2-6 (bookworm) | 2006
CVE-2006-3459 [HIGH] CVE-2006-3459: tiff - Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2...
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
Scope: local
bookworm: resolved (fixed
CVE-2006-3462 | HIGH | CVSS 7.5 | fixed in tiff 3.8.2-6 (bookworm) | 2006
CVE-2006-3462 [HIGH] CVE-2006-3462: tiff - Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff)...
Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.
Scope: local
bookworm: resolved (fixed in 3.8.2-6)
bullseye: resolved (fixed in 3.8.2-6)
forky: resolved (fixed in 3.8.2-6)
sid: resolved (fixed in 3.8.2-6)
CVE-2006-2024 | MEDIUM | CVSS 4.0 | PoC | fixed in tiff 3.8.1 (bookworm) | 2006
CVE-2006-2024 [MEDIUM] CVE-2006-2024: tiff - Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attacke...
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cle
CVE-2006-2120 | MEDIUM | CVSS 2.1 | fixed in tiff 3.8.1 (bookworm) | 2006
CVE-2006-2120 [LOW] CVE-2006-2120: tiff - The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause ...
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 3.8.1)
bullseye: resolved (fixed in 3.8.1)
forky: resolved (fixed in 3.8.1)
sid: resolved (fixed in 3.8.
CVE-2006-2193 | MEDIUM | CVSS 7.5 | fixed in tiff 3.8.2-4 (bookworm) | 2006
CVE-2006-2193 [HIGH] CVE-2006-2193: tiff - Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8....
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected i
CVE-2006-2026 | MEDIUM | CVSS 6.5 | PoC | fixed in tiff 3.8.1 (bookworm) | 2006
CVE-2006-2026 [MEDIUM] CVE-2006-2026: tiff - Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-d...
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."
Scope: local
bookworm: resolved (fixed in 3.8.1)
bullseye: resolved (fixed in 3.8.1)
forky:
CVE-2006-2025 | MEDIUM | CVSS 6.5 | PoC | fixed in tiff 3.8.1 (bookworm) | 2006
CVE-2006-2025 [MEDIUM] CVE-2006-2025: tiff - Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff befo...
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 3.8.1)
bullseye: resolved (fixed in 3.8.1)
forky: resolved (fixed in 3.8.1)
sid: resolved (fixed in 3.8.1)
trixie:
CVE-2006-0405 | MEDIUM | CVSS 5.0 | fixed in tiff 3.8.0-2 (bookworm) | 2006
CVE-2006-0405 [MEDIUM] CVE-2006-0405: tiff - The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote ...
The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.
Scope: local
bookworm: resolved (fixed in 3.8.0-2)
bullseye: resolved (fixed in 3.8.0