Debian Tiff vulnerabilities
269 known vulnerabilities affecting debian/tiff.
Total CVEs: 269
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 60
Vulnerabilities
Page 5 of 14
CVE-2020-35523 | HIGH | CVSS 7.8 | fixed in tiff 4.1.0+git201212-1 (bookworm) | 2020
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Scope: local
bookworm: resolved (fixed in 4.1.0+git201212-1)
bullseye:

CVE-2020-35524 | HIGH | CVSS 7.8 | fixed in tiff 4.1.0+git201212-1 (bookworm) | 2020
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Scope: local
bookworm: resolved (fixed in 4.1.0+git201212-1)
bullseye: resolved

CVE-2020-19131 | HIGH | CVSS 7.5 | fixed in tiff 4.0.10+git190814-1 (bookworm) | 2020
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
Scope: local
bookworm: resolved (fixed in 4.0.10+git190814-1)
bullseye: resolved (fixed in 4.0.10+git190814-1)
forky: resolved (fixed in 4.0.10+git190814-1)
sid: resolved (fixed in 4.0.10+git190814-1)
trixie: resolved (fixed in

CVE-2020-19143 | MEDIUM | CVSS 6.5 | fixed in tiff 4.1.0+git201212-1 (bookworm) | 2020
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" function in the component 'libtiff/tif_dir.c'.
Scope: local
bookworm: resolved (fixed in 4.1.0+git201212-1)
bullseye: resolved (fixed in 4.1.0+git201212-1)
forky: resolved (fixed in 4.1.0+git201212-1)
sid: resolved (fixed in 4.1.0+git201212-1)
trixie: resolved (fix

CVE-2020-19144 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.10+git190814-1 (bookworm) | 2020
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' function in the component 'tif_unix.c'.
Scope: local
bookworm: resolved (fixed in 4.0.10+git190814-1)
bullseye: resolved (fixed in 4.0.10+git190814-1)
forky: resolved (fixed in 4.0.10+git190814-1)
sid: resolved (fixed in 4.0.10+git190814-1)
trixie: resolved (fixed

CVE-2020-18768 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.10+git190814-1 (bookworm) | 2020
There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.
Scope: local
bookworm: resolved (fixed in 4.0.10+git190814-1)
bullseye: resolved (fixed in 4.0.10+git190814-1)
forky: resolved (fixed in 4.0.10+git190814-1)
sid: resolved (fixed in 4.0.10+git190814-1)

CVE-2020-35522 [MEDIUM] | LOW | CVSS 5.5 | fixed in tiff 4.1.0+git201212-1 (bookworm) | 2020
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
Scope: local
bookworm: resolved (fixed in 4.1.0+git201212-1)
bullseye: resolved (fixed in 4.1.0+git201212-1)
forky: resolved (fixed in 4.1.0+git201212-1)
sid: resolved (fixed in 4.1.0+git201212-1)
trixie: resolv

CVE-2020-35521 [MEDIUM] | LOW | CVSS 5.5 | fixed in tiff 4.1.0+git201212-1 (bookworm) | 2020
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
Scope: local
bookworm: resolved (fixed in 4.1.0+git201212-1)
bullseye: resolved (fixed in 4.1.0+git201212-1)
forky: resolved (fixed in 4.1.0+git201212-1)
sid: resolved (fixed in 4.1.0+git201212-1)
trixie: resolved (f

CVE-2019-7663 | HIGH | CVSS 8.8 | fixed in tiff 4.0.10-4 (bookworm) | 2019
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
Scope: local
bookworm: resolved (fix

CVE-2019-17546 [HIGH] | LOW | CVSS 8.8 | fixed in gdal 3.1.0+dfsg-1 (bookworm) | 2019
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
Scope: local
bookworm: resolved (fixed in 3.1.0+dfsg-1)
bullseye: resolved (fixed in 3.1.0+dfsg-1)
forky: resolved (fixed in 3.1.0

CVE-2019-14973 [MEDIUM] | LOW | CVSS 6.5 | fixed in tiff 4.0.10+git190814-1 (bookworm) | 2019
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
Scope: local
bookworm: resolved (fixed in 4.0.10+git190814-1)
bullseye: resolved (fixed in 4.0.10+git190814-1)
forky

CVE-2019-6128 [HIGH] | LOW | CVSS 8.8 | fixed in tiff 4.0.10-4 (bookworm) | 2019
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
Scope: local
bookworm: resolved (fixed in 4.0.10-4)
bullseye: resolved (fixed in 4.0.10-4)
forky: resolved (fixed in 4.0.10-4)
sid: resolved (fixed in 4.0.10-4)
trixie: resolved (fixed in 4.0.10-4)

CVE-2018-12900 | HIGH | CVSS 8.8 | fixed in tiff 4.0.10-4 (bookworm) | 2018
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a cr

CVE-2018-18557 | HIGH | CVSS 8.8 | PoC | fixed in tiff 4.0.9+git181026-1 (bookworm) | 2018
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
Scope: local
bookworm: resolved (fixed in

CVE-2018-8905 | HIGH | CVSS 8.8 | fixed in tiff 4.0.9-6 (bookworm) | 2018
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
Scope: local
bookworm: resolved (fixed in 4.0.9-6)
bullseye: resolved (fixed in 4.0.9-6)
forky: resolved (fixed in 4.0.9-6)
sid: resolved (fixed in 4.0.9-6)
trixie: resolved (fixed in 4.0.9-6)

CVE-2018-15209 | HIGH | CVSS 8.8 | fixed in tiff 4.0.9-5 (bookworm) | 2018
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
Scope: local
bookworm: resolved (fixed in 4.0.9-5)
bullseye: resolved (fixed in 4.0.9-5)
forky: resolved (f

CVE-2018-16335 | HIGH | CVSS 8.8 | fixed in tiff 4.0.9-5 (bookworm) | 2018
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
Scope: local
bookworm: resolv

CVE-2018-17101 | HIGH | CVSS 8.8 | fixed in tiff 4.0.9+git181026-1 (bookworm) | 2018
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
Scope: local
bookworm: resolved (fixed in 4.0.9+git181026-1)
bullseye: resolved (fixed in 4.0.9+git181026-1)
forky: reso

CVE-2018-17795 | HIGH | CVSS 8.8 | fixed in tiff 4.0.9-2 (bookworm) | 2018
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
Scope: local
bookworm: resolved (fixed in 4.0.9-2)
bullseye: resolved (fixed in 4.0.9-2)
forky:

CVE-2018-5360 | HIGH | CVSS 8.8 | fixed in tiff 4.0.6-3 (bookworm) | 2018
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3)