Debian Tiff vulnerabilities
269 known vulnerabilities affecting debian/tiff.
Total CVEs: 269
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 60
Vulnerabilities
CVE-2018-10963 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.9-6 (bookworm) | 2018
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
Scope: local
bookworm: resolved (fixed in 4.0.9-6)
bullseye: resolved (fixed in 4.0.9-6)
forky: resolved (fixed in 4.0.9-6)
sid
debian
CVE-2018-17000 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.10-4 (bookworm) | 2018
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.
Scope: local
bookworm: resolved (fixed in 4.0.10-4)
bullseye: resolved (fixed in 4.0.10-4)
f
CVE-2018-5784 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.9-4 (bookworm) | 2018
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
Scope: local
bookworm: resolve
CVE-2018-7456 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.9-5 (bookworm) | 2018
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-180
CVE-2018-19210 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.10-4 (bookworm) | 2018
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
Scope: local
bookworm: resolved (fixed in 4.0.10-4)
bullseye: resolved (fixed in 4.0.10-4)
forky: resolved (fixed in 4.0.10-4)
sid: resolved (fixed in 4.0.10-4)
trixie: resolved (fixed
CVE-2018-10779 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.6-3 (bookworm) | 2018
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3)
CVE-2018-10801 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.6-3 (bookworm) | 2018
TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3)
CVE-2018-10126 | LOW | CVSS 6.5 | 2018
CVE-2018-10126 [MEDIUM] CVE-2018-10126: tiff - ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, do...
ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
CVE-2018-17100 | LOW | CVSS 8.8 | fixed in tiff 4.0.9+git181026-1 (bookworm) | 2018
CVE-2018-17100 [HIGH] CVE-2018-17100: tiff - An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_...
An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
Scope: local
bookworm: resolved (fixed in 4.0.9+git181026-1)
bullseye: resolved (fixed in 4.0.9+git181026-1)
forky: resolved (fixed in 4.0.9+git181026-1)
s
CVE-2018-18661 | LOW | CVSS 6.5 | fixed in tiff 4.0.10-1 (bookworm) | 2018
CVE-2018-18661 [MEDIUM] CVE-2018-18661: tiff - An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in...
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
Scope: local
bookworm: resolved (fixed in 4.0.10-1)
bullseye: resolved (fixed in 4.0.10-1)
forky: resolved (fixed in 4.0.10-1)
sid: resolved (fixed in 4.0.10-1)
trixie: resolved (fixed in 4.0.10-1)
CVE-2017-7599 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-6 (bookworm) | 2017
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved (fixed in 4.0.7-
CVE-2017-7592 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-6 (bookworm) | 2017
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved (fixed in 4.0.7-6
CVE-2017-12944 | HIGH | CVSS 7.5 | fixed in tiff 4.0.8-6 (bookworm) | 2017
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.
Scope: local
bookworm: resolved (fixed in 4.0.8-6)
bullseye: resolved (fix
CVE-2017-11335 | HIGH | CVSS 8.8 | fixed in tiff 4.0.8-4 (bookworm) | 2017
There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.
Scope: local
bookworm: resolved (fixed in 4.0.8-4
CVE-2017-7600 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-6 (bookworm) | 2017
LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved (fixed i
CVE-2017-9935 | HIGH | CVSS 8.8 | fixed in tiff 4.0.9-2 (bookworm) | 2017
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given the
CVE-2017-7602 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-6 (bookworm) | 2017
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved (fixed in 4.0.7-6)
sid: resolved (fixed in 4.0.7-6)
trixie: resolved (fixed
CVE-2017-5225 | HIGH | CVSS 8.8 | fixed in tiff 4.0.7-5 (bookworm) | 2017
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
Scope: local
bookworm: resolved (fixed in 4.0.7-5)
bullseye: resolved (fixed in 4.0.7-5)
forky: resolved (fixed in 4.0.7-5)
sid: resolved (fixed in 4.0.7-5)
trixie: resolved (fixed in 4.0.7-5)
CVE-2017-7601 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-6 (bookworm) | 2017
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved (fixed in 4.0.7-6)
sid: res
CVE-2017-10688 | HIGH | CVSS 7.5 | PoC | fixed in tiff 4.0.8-3 (bookworm) | 2017
In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.
Scope: local
bookworm: resolved (fixed in 4.0.8-3)
bullseye: resolved (fixed in 4.0.8-3)
forky: resolved (fixed in 4.0.8-3)
sid: resolved (fixed in 4.0.8-3)
trixie: resolved (fixed in 4.0.