Debian Tiff vulnerabilities

269 known vulnerabilities affecting debian/tiff.

Total CVEs: 269
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 60

Vulnerabilities

Page 9 of 14
CVE-2016-10271 [HIGH] CVSS 7.8, fixed in tiff 4.0.7-2 (bookworm), 2016
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.
Scope: local
bookworm: resolved (fixed in 4.0.7-2); bullseye: resolved (fixed in 4.0.7-2); forky: resolved (f
debian

CVE-2016-10094 [HIGH] CVSS 7.8, fixed in tiff 4.0.7-4 (bookworm), 2016
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-4); bullseye: resolved (fixed in 4.0.7-4); forky: resolved (fixed in 4.0.7-4); sid: resolved (fixed in 4.0.7-4); trixie: resolved (fixed in 4.0.7-4)
debian

CVE-2016-3632 [HIGH] CVSS 7.8, fixed in tiff 4.0.6-3 (bookworm), 2016
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 4.0.6-3); bullseye: resolved (fixed in 4.0.6-3); forky: resolved (fixed in 4.0.6-3); sid: resolved (fixed in 4.0.6-3); trixie: resolve
debian

CVE-2016-5314 [HIGH] CVSS 8.8, fixed in tiff 4.0.6-2 (bookworm), 2016
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
Scope: local
bookworm: resolved (fixed in 4.0.6-2); bullseye
debian

CVE-2016-9297 [HIGH] CVSS 7.5, fixed in tiff 4.0.7-1 (bookworm), 2016
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.
Scope: local
bookworm: resolved (fixed in 4.0.7-1); bullseye: resolved (fixed in 4.0.7-1); forky: resolved (fixed in 4.0.7-1); sid: resolved (fixed in 4.0.7-1); trixie: resolved (fixed
debian

CVE-2016-10270 [HIGH] CVSS 7.8, fixed in tiff 4.0.7-2 (bookworm), 2016
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.
Scope: local
bookworm: resolved (fixed in 4.0.7-2); bullseye: resolved (fixed in 4.0.7-2); forky: resolved (fixed in 4.0.7-2); sid: resolved (fixed in
debian

CVE-2016-3633 [HIGH] CVSS 7.5, fixed in tiff 4.0.6-3 (bookworm), 2016
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
Scope: local
bookworm: resolved (fixed in 4.0.6-3); bullseye: resolved (fixed in 4.0.6-3); forky: resolved (fixed in 4.0.6-3); sid: resolved (fixed in 4.0.6-3); trixie: resolved (fixed in 4.0
debian

CVE-2016-10092 [HIGH] CVSS 7.8, fixed in tiff 4.0.7-2 (bookworm), 2016
Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-2
debian

CVE-2016-3186 [MEDIUM] CVSS 6.2, fixed in tiff 4.0.6-3 (bookworm), 2016
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
Scope: local
bookworm: resolved (fixed in 4.0.6-3); bullseye: resolved (fixed in 4.0.6-3); forky: resolved (fixed in 4.0.6-3); sid: resolved (fixed in 4.0.6-3); trixie: resolved (fixed in 4.0.6-3)
debian

CVE-2016-5317 [MEDIUM] CVSS 6.5, fixed in tiff 4.0.6-2 (bookworm), 2016
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 4.0.6-2); bullseye: resolved (fixed in 4.0.6-2); forky: resolved (fixed in 4.0.6-2); sid: resolve
debian

CVE-2016-10095 [MEDIUM] CVSS 5.5, fixed in tiff 4.0.8-2 (bookworm), 2016
Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 4.0.8-2); bullseye: resolved (fi
debian

CVE-2016-5315 [MEDIUM] CVSS 5.5, fixed in tiff 4.0.6-2 (bookworm), 2016
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
Scope: local
bookworm: resolved (fixed in 4.0.6-2); bullseye: resolved (fixed in 4.0.6-2); forky: resolved (fixed in 4.0.6-2); sid: resolved (fixed in 4.0.6-2); trixie: resolved (fixed in 4.0.6-2)
debian

CVE-2016-5316 [MEDIUM] CVSS 6.5, fixed in tiff 4.0.6-2 (bookworm), 2016
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
Scope: local
bookworm: resolved (fixed in 4.0.6-2); bullseye: resolved (fixed in 4.0.6-2); forky: resolved (fixed in 4.0.6-2); sid: resolved (fixed in 4.0.6-2); trixie: reso
debian

CVE-2016-5322 [MEDIUM] CVSS 5.5, fixed in tiff 4.0.7-1 (bookworm), 2016
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
Scope: local
bookworm: resolved (fixed in 4.0.7-1); bullseye: resolved (fixed in 4.0.7-1); forky: resolved (fixed in 4.0.7-1); sid: resolved (fixed in 4.0.7-1); trixie: resolved (fixed in 4.0.7-1)
debian

CVE-2016-5319 [MEDIUM] CVSS 6.5, fixed in tiff 4.0.6-3 (bookworm), 2016
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.
Scope: local
bookworm: resolved (fixed in 4.0.6-3); bullseye: resolved (fixed in 4.0.6-3); forky: resolved (fixed in 4.0.6-3); sid: resolved (fixed in 4.0.6-3); trixie: resolved (fixed in 4.0.6-3)
debian

CVE-2016-9532 [MEDIUM] CVSS 5.5, fixed in tiff 4.0.7-1 (bookworm), 2016
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
Scope: local
bookworm: resolved (fixed in 4.0.7-1); bullseye: resolved (fixed in 4.0.7-1); forky: resolved (fixed in 4.0.7-1); sid: resolved (fixed in 4.0.7-1); trixie: resolved
debian

CVE-2016-10267 [MEDIUM] CVSS 5.5, fixed in tiff 4.0.7-2 (bookworm), 2016
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.
Scope: local
bookworm: resolved (fixed in 4.0.7-2); bullseye: resolved (fixed in 4.0.7-2); forky: resolved (fixed in 4.0.7-2); sid: resolved (fixed in 4.0.7-2); trixie: resolved (fixed in 4.0.7-2)
debian

CVE-2016-5102 [MEDIUM] CVSS 5.5, fixed in tiff 4.0.6-3 (bookworm), 2016
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
Scope: local
bookworm: resolved (fixed in 4.0.6-3); bullseye: resolved (fixed in 4.0.6-3); forky: resolved (fixed in 4.0.6-3); sid: resolved (fixed in 4.0.6-3); trixie: resolved (f
debian

CVE-2016-9273 [MEDIUM] CVSS 5.5, fixed in tiff 4.0.7-1 (bookworm), 2016
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.
Scope: local
bookworm: resolved (fixed in 4.0.7-1); bullseye: resolved (fixed in 4.0.7-1); forky: resolved (fixed in 4.0.7-1); sid: resolved (fixed in 4.0.7-1); trixie: resolved (fixed in 4.0.7-1)
debian

CVE-2016-5321 [MEDIUM] CVSS 6.5, fixed in tiff 4.0.6-2 (bookworm), 2016
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
Scope: local
bookworm: resolved (fixed in 4.0.6-2); bullseye: resolved (fixed in 4.0.6-2); forky: resolved (fixed in 4.0.6-2); sid: resolved (fixed in 4.0.6-2); trixie: resolved (fixed in 4.0.6-2)
debian