Debian Tiff vulnerabilities

CVE-2006-2656 [HIGH] CVE-2006-2656: tiff - Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlie... Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. Scope: local bo

CVE-2005-1544 [HIGH] CVE-2005-1544: tiff - Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to e... Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Scope: local bookworm: resolved (fixed in 3.7.2-3) bullseye: resolved (fixed in 3.7.2-3) forky: resolved (fixed in 3.7.2-3) sid: resolved (fixed in 3.7.2-3) trixie: resolved (fixed in 3.7.2-3)

CVE-2005-2452 [MEDIUM] CVE-2005-2452: tiff - libtiff up to 3.7.0 allows remote attackers to cause a denial of service (applic... libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804. Scope: local bookworm: resolved (fixed in 3.7.0-1) bullseye: resolved (fixed in 3.7.0-1) forky

CVE-2004-1308 [CRITICAL] CVE-2004-1308: tiff - Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3... Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 3.6.1-4) bullseye: resolved (fixed in 3.6.1-4) for

CVE-2004-0803 [HIGH] CVE-2004-0803: tiff - Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3... Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. Scope: local bookworm: resolved (fixed in 3.6.1-2) bullseye: resolved (fixed in 3.6.1-2) forky: resolved (fixed in 3.6.1-2) sid: resolved (fixed in 3.6.1-2) tr

CVE-2004-0886 [MEDIUM] CVE-2004-0886: tiff - Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers t... Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. Scope: local bookworm: resolved (fixed in 3.6.1-2) bullseye: resolved (fixed in 3.6.1-2) forky: resolved (fixed in 3.6.1-2) sid: resolved (fixed in 3.6.1-2) trixie: resolved (fixed

CVE-2004-1183 [MEDIUM] CVE-2004-1183: tiff - Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows re... Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file. Scope: local bookworm: resolved (fixed in 3.6.1-5) bullseye: resolved (fixed in 3.6.1-5) forky: resolved (fixed in 3.6.1-5) sid: resolved (fixed in 3.6.1-5) trixie: r

CVE-2004-0804 [MEDIUM] CVE-2004-0804: tiff - Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a de... Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452. Scope: local bookworm: resolved (fixed in 3.6.1-2) bullseye: resolved (fixed in 3.6.1-2) forky: resolved (fixed in 3.6.

CVE-2004-1307 [HIGH] CVE-2004-1307: tiff - Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtif... Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 3.7.0) bullseye: resolved (fi