cvebase

Debian Tiff vulnerabilities

264 known vulnerabilities affecting debian/tiff.

Total CVEs: 264
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 55

Vulnerabilities

Page 2 of 14
CVE-2019-17546 | P3 | LOW | CVSS 8.8 | fixed in gdal 3.1.0+dfsg-1 (bookworm) | 2019
CVE-2019-17546 [HIGH] gdal - tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
Scope: local. bookworm: resolved (fixed in 3.1.0+dfsg-1); bullseye: resolved (fixed in 3.1.0+dfsg-1); forky: resolved (fixed in 3.1.0
debian
CVE-2016-9535 | P3 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
CVE-2016-9535 [CRITICAL] tiff - tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Scope: local. bookworm: resolved (fixed in 4.0.7-1); bullseye: resolved (fixed in 4.0.7-1)
debian
CVE-2017-9935 | P3 | HIGH | CVSS 8.8 | fixed in tiff 4.0.9-2 (bookworm) | 2017
CVE-2017-9935 [HIGH] tiff - In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given the
debian
CVE-2009-2285 | P4 | LOW | CVSS 6.8 | PoC | fixed in tiff 3.8.2-12 (bookworm) | 2009
CVE-2009-2285 [MEDIUM] tiff - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
Scope: local. bookworm: resolved (fixed in 3.8.2-12); bullseye: resolved (fixed in 3.8.2-12); forky: resolved (fixed in 3.8.2-12); sid: resolved (fixed in 3.8.2-12)
debian
CVE-2016-9534 | P3 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
CVE-2016-9534 [CRITICAL] tiff - tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
Scope: local. bookworm: resolved (fixed in 4.0.7-1); bullseye: resolved (fixed in 4.0.7-1); forky: resolved (fixed in 4.0.7-1); sid: resolved (fixed in 4.0.7-1); trixi
debian
CVE-2004-1308 | P3 | CRITICAL | CVSS 10.0 | fixed in tiff 3.6.1-4 (bookworm) | 2004
CVE-2004-1308 [CRITICAL] tiff - Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
Scope: local. bookworm: resolved (fixed in 3.6.1-4); bullseye: resolved (fixed in 3.6.1-4); for
debian
CVE-2010-2482 | P4 | LOW | CVSS 5.0 | PoC | fixed in tiff 3.9.4-1 (bookworm) | 2010
CVE-2010-2482 [MEDIUM] tiff - LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
Scope: local. bookworm: resolved (fixed in 3.9.4-1); bullseye: resolved (fixed in 3.9.4-1); forky: resolved
debian
CVE-2011-0192 | P3 | CRITICAL | CVSS 9.3 | fixed in tiff 3.9.4-7 (bookworm) | 2011
CVE-2011-0192 [CRITICAL] tiff - Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXP
debian
CVE-2016-9538 | P3 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
CVE-2016-9538 [CRITICAL] tiff - tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
Scope: local. bookworm: resolved (fixed in 4.0.7-1); bullseye: resolved (fixed in 4.0.7-1); forky: resolved (fixed in 4.0.7-1); sid: resolved (fixed in 4.0.7-1); trixie: resolved (fixed in 4.0.7-1)
debian
CVE-2016-9537 | P3 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
CVE-2016-9537 [CRITICAL] tiff - tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
Scope: local. bookworm: resolved (fixed in 4.0.7-1); bullseye: resolved (fixed in 4.0.7-1); forky: resolved (fixed in 4.0.7-1); sid: resolved (fixed in 4.0.7-1); trixie: resolved (fixed in 4.0.7-1)
debian
CVE-2017-5225 | P3 | HIGH | CVSS 8.8 | fixed in tiff 4.0.7-5 (bookworm) | 2017
CVE-2017-5225 [HIGH] tiff - LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
Scope: local. bookworm: resolved (fixed in 4.0.7-5); bullseye: resolved (fixed in 4.0.7-5); forky: resolved (fixed in 4.0.7-5); sid: resolved (fixed in 4.0.7-5); trixie: resolved (fixed in 4.0.7-5)
debian
CVE-2017-11335 | P3 | HIGH | CVSS 8.8 | fixed in tiff 4.0.8-4 (bookworm) | 2017
CVE-2017-11335 [HIGH] tiff - There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.
Scope: local. bookworm: resolved (fixed in 4.0.8-4
debian
CVE-2018-8905 | P3 | HIGH | CVSS 8.8 | fixed in tiff 4.0.9-6 (bookworm) | 2018
CVE-2018-8905 [HIGH] tiff - In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
Scope: local. bookworm: resolved (fixed in 4.0.9-6); bullseye: resolved (fixed in 4.0.9-6); forky: resolved (fixed in 4.0.9-6); sid: resolved (fixed in 4.0.9-6); trixie: resolved (fixed in 4.0.9-6)
debian
CVE-2009-2347 | P3 | CRITICAL | CVSS 9.3 | fixed in tiff 3.8.2-13 (bookworm) | 2009
CVE-2009-2347 [CRITICAL] tiff - Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
Scope:
debian
CVE-2016-5314 | P3 | HIGH | CVSS 8.8 | fixed in tiff 4.0.6-2 (bookworm) | 2016
CVE-2016-5314 [HIGH] tiff - Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
Scope: local. bookworm: resolved (fixed in 4.0.6-2); bullseye
debian
CVE-2026-4775 | P3 | HIGH | CVSS 7.8 | fixed in tiff 4.5.0-6+deb12u4 (bookworm) | 2026
CVE-2026-4775 [HIGH] tiff - A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code e
debian
CVE-2012-4564 | P3 | MEDIUM | CVSS 6.8 | fixed in tiff 4.0.2-5 (bookworm) | 2012
CVE-2012-4564 [MEDIUM] tiff - ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
Scope: local. bookworm: resolved (fixed in 4.0.2-5); bullseye: resolved (fix
debian
CVE-2025-8177 | P3 | LOW | CVSS 4.8 | fixed in tiff 4.7.1-1 (forky) | 2025
CVE-2025-8177 [MEDIUM] tiff - A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a patch to fix this issue. This vulnerability onl
debian
CVE-2011-0191 | P3 | CRITICAL | CVSS 9.3 | fixed in tiff 3.9.4-1 (bookworm) | 2011
CVE-2011-0191 [CRITICAL] tiff - Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
Scope: local. bookworm: resolved (fixed in 3.9.4-1); bullseye: resolved (fixed in 3.9.4
debian
CVE-2023-52356 | P3 | HIGH | CVSS 7.5 | fixed in tiff 4.5.0-6+deb12u2 (bookworm) | 2023
CVE-2023-52356 [HIGH] tiff - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
Scope: local. bookworm: resolved (fixed in 4.5.0-6+deb12u2); bullseye: resolved (fixed in 4.2.0-1+deb11u6); forky: resolved (fixed in 4.
debian