Errata ALT-PU-2019-1628-1: Information
Fixes
Published: Feb. 27, 2014
BDU:2015-06338
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 27, 2014
BDU:2015-06339
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 27, 2014
BDU:2015-06340
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 27, 2014
BDU:2015-06344
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 27, 2014
BDU:2015-06345
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 28, 2014
BDU:2015-08609
Vulnerabilities in the CentOS operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 28, 2014
BDU:2015-08610
Vulnerabilities in the CentOS operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 28, 2014
BDU:2015-08611
Vulnerabilities in the CentOS operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 28, 2014
BDU:2015-08612
Vulnerabilities in the CentOS operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 28, 2014
BDU:2015-09010
Vulnerabilities in the CentOS operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 21, 2014
BDU:2015-09718
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to violate the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.3)
Links:
Published: Feb. 2, 2016
BDU:2016-00538
Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (4.3)
Links:
Published: Feb. 2, 2016
BDU:2016-00539
Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (4.3)
Links:
Published: Feb. 2, 2016
BDU:2016-00540
Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (4.3)
Links:
Published: April 13, 2016
BDU:2016-01124
Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (4.3)
Links:
Published: Oct. 3, 2016
BDU:2016-02189
Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (5.0)
Links:
Published: Oct. 3, 2016
BDU:2016-02190
Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (5.0)
Links:
Published: Oct. 3, 2016
BDU:2016-02191
Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (5.0)
Links:
Published: Oct. 3, 2016
BDU:2016-02192
Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (4.3)
Links:
Published: Jan. 20, 2017
BDU:2017-00327
Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (5.0)
Links:
Published: Jan. 20, 2017
BDU:2017-00328
Vulnerability in the openSUSE operating system that allows an attacker to cause a denial of service
Severity: MEDIUM (4.3)
Links:
Published: Jan. 20, 2017
BDU:2017-00329
Vulnerability in the LibTIFF library that allows an attacker to cause an application crash
Severity: MEDIUM (4.3)
Links:
Published: Jan. 20, 2017
BDU:2017-00330
Vulnerability in the LibTIFF library that allows an attacker to gain unauthorized access to the device
Severity: MEDIUM (4.3)
Links:
Published: March 7, 2017
BDU:2017-00883
Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (4.3)
Links:
Published: Dec. 5, 2018
BDU:2019-01070
Vulnerability in the TIFFWriteDirectorySec() function of the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Aug. 14, 2019
BDU:2020-00107
Vulnerability in the _TIFFCheckMalloc and _TIFFCheckRealloc functions (tif_aux.c) of the LibTIFF library that allows an attacker to cause a denial of service
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: June 29, 2018
BDU:2020-03213
Vulnerability in the cpSeparateBufToContigBuf function of software for viewing, editing and converting TIFF files, related to an out-of-bounds write, that allows an attacker to access confidential data, violate its integrity, and cause a denial of service
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Nov. 11, 2012
Modified: Feb. 13, 2023
CVE-2012-4564
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
Severity: MEDIUM (6.8)
Links:
- [oss-security] 20121102 Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
- 86878
- 51133
- 56372
- [oss-security] 20121102 libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file
- https://bugzilla.redhat.com/show_bug.cgi?id=871700
- DSA-2575
- USN-1631-1
- openSUSE-SU-2013:0187
- RHSA-2012:1590
- libtiff-ppm2tiff-bo(79750)
Published: July 3, 2013
Modified: Feb. 13, 2023
CVE-2013-1960
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
Severity: CRITICAL (9.3)
Links:
Published: July 3, 2013
Modified: Feb. 13, 2023
CVE-2013-1961
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
Severity: CRITICAL (9.3)
Links:
Published: Sept. 10, 2013
Modified: Feb. 13, 2023
CVE-2013-4232
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.
Severity: MEDIUM (6.8)
Links:
- 54543
- 54628
- [oss-security] 20130809 Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro
- https://bugzilla.redhat.com/show_bug.cgi?id=995975
- DSA-2744
- http://bugzilla.maptools.org/show_bug.cgi?id=2449
- [tiff] 20130801 Vulnerabilities in libtiff 4.0.3
- RHSA-2014:0223
Published: Sept. 10, 2013
Modified: Feb. 13, 2023
CVE-2013-4243
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image.
Severity: MEDIUM (6.8)
Links:
Published: Sept. 28, 2013
Modified: Feb. 13, 2023
CVE-2013-4244
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
Severity: MEDIUM (6.8)
Links:
Published: June 26, 2017
Modified: Feb. 13, 2023
CVE-2014-8127
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools
- http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
- openSUSE-SU-2015:0450
- http://bugzilla.maptools.org/show_bug.cgi?id=2500
- http://bugzilla.maptools.org/show_bug.cgi?id=2497
- http://bugzilla.maptools.org/show_bug.cgi?id=2496
- http://bugzilla.maptools.org/show_bug.cgi?id=2486
- http://bugzilla.maptools.org/show_bug.cgi?id=2485
- http://bugzilla.maptools.org/show_bug.cgi?id=2484
- 72323
- GLSA-201701-16
- 1032760
- DSA-3273
- RHSA-2016:1547
- RHSA-2016:1546
Published: March 12, 2018
Modified: Feb. 13, 2023
CVE-2014-8129
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1185815
- http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
- http://support.apple.com/kb/HT204942
- http://support.apple.com/kb/HT204941
- [oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-06-30-1
- http://bugzilla.maptools.org/show_bug.cgi?id=2488
- http://bugzilla.maptools.org/show_bug.cgi?id=2487
- DSA-3273
- GLSA-201701-16
- 1032760
- 72352
- RHSA-2016:1547
- RHSA-2016:1546
Published: March 12, 2018
Modified: April 6, 2018
CVE-2014-8130
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543
- https://bugzilla.redhat.com/show_bug.cgi?id=1185817
- http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
- http://support.apple.com/kb/HT204942
- http://support.apple.com/kb/HT204941
- [oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools
- APPLE-SA-2015-06-30-2
- APPLE-SA-2015-06-30-1
- http://bugzilla.maptools.org/show_bug.cgi?id=2483
- GLSA-201701-16
- 1032760
- 72353
- RHSA-2016:1547
- RHSA-2016:1546
Published: Jan. 20, 2015
Modified: Jan. 5, 2018
CVE-2014-9330
Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via a crafted BMP image, related to dimensions, which triggers an out-of-bounds read.
Severity: MEDIUM (5.0)
Links:
- 1031442
- 20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff
- http://bugzilla.maptools.org/show_bug.cgi?id=2494
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 71789
- GLSA-201701-16
- DSA-3273
- RHSA-2016:1547
- RHSA-2016:1546
Published: April 13, 2016
Modified: Jan. 5, 2018
CVE-2014-9655
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20150207 Re: Multiple vulnerabilities in LibTIFF and associated tools
- DSA-3467
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- GLSA-201701-16
- DSA-3273
- RHSA-2016:1547
- RHSA-2016:1546
Published: April 13, 2016
Modified: Jan. 5, 2018
CVE-2015-1547
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20150207 Re: Multiple vulnerabilities in LibTIFF and associated tools
- DSA-3467
- [oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 73438
- GLSA-201701-16
- RHSA-2016:1547
- RHSA-2016:1546
Published: Feb. 2, 2016
Modified: Dec. 31, 2019
CVE-2015-8781
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression
- http://bugzilla.maptools.org/show_bug.cgi?id=2522#c0
- [oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression
- DSA-3467
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 81730
- USN-2939-1
- openSUSE-SU-2016:0405
- openSUSE-SU-2016:0414
- GLSA-201701-16
- RHSA-2016:1547
- RHSA-2016:1546
Published: Feb. 2, 2016
Modified: Dec. 31, 2019
CVE-2015-8782
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression
- http://bugzilla.maptools.org/show_bug.cgi?id=2522
- [oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression
- DSA-3467
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 81730
- USN-2939-1
- openSUSE-SU-2016:0405
- openSUSE-SU-2016:0414
- GLSA-201701-16
- RHSA-2016:1547
- RHSA-2016:1546
Published: Feb. 2, 2016
Modified: Dec. 31, 2019
CVE-2015-8783
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20160124 Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression
- http://bugzilla.maptools.org/show_bug.cgi?id=2522
- [oss-security] 20160124 CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression
- DSA-3467
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 81730
- USN-2939-1
- openSUSE-SU-2016:0405
- openSUSE-SU-2016:0414
- GLSA-201701-16
- RHSA-2016:1547
- RHSA-2016:1546
Published: April 13, 2016
Modified: Dec. 31, 2019
CVE-2015-8784
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- http://bugzilla.maptools.org/show_bug.cgi?id=2508
- [oss-security] 20160124 CVE Request: tiff: potential out-of-bound write in NeXTDecode()
- [oss-security] 20160124 Re: CVE Request: tiff: potential out-of-bound write in NeXTDecode()
- https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
- DSA-3467
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 81696
- USN-2939-1
- GLSA-201701-16
- RHSA-2016:1547
- RHSA-2016:1546
Published: Dec. 6, 2016
Modified: Jan. 5, 2018
CVE-2015-8870
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
Severity: HIGH (7.4) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Links:
Published: Oct. 3, 2016
Modified: Sept. 3, 2017
CVE-2016-3620
The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 3, 2016
Modified: Sept. 3, 2017
CVE-2016-3621
The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Oct. 3, 2016
Modified: Oct. 30, 2018
CVE-2016-3623
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 3, 2016
Modified: Nov. 4, 2017
CVE-2016-3624
The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 3, 2016
Modified: Oct. 30, 2018
CVE-2016-3625
tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Oct. 3, 2016
Modified: Oct. 30, 2018
CVE-2016-3631
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 21, 2016
Modified: Oct. 30, 2018
CVE-2016-3632
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20160408 CVE-2016-3632 - libtiff 4.0.6 illegel write
- 85960
- http://bugzilla.maptools.org/show_bug.cgi?id=2549
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1325095
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- 85953
- GLSA-201701-16
- RHSA-2016:1547
- RHSA-2016:1546
Published: Oct. 3, 2016
Modified: Oct. 30, 2018
CVE-2016-3633
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 3, 2016
Modified: Oct. 30, 2018
CVE-2016-3634
The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 3, 2016
Modified: Oct. 30, 2018
CVE-2016-3658
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 21, 2016
Modified: Oct. 30, 2018
CVE-2016-3945
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20160408 CVE-2016-3945 libtiff: Out-of-bounds Write in the tiff2rgba tool
- 85960
- https://bugzilla.redhat.com/show_bug.cgi?id=1325093
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://bugzilla.maptools.org/show_bug.cgi?id=2545
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- openSUSE-SU-2016:2275
- GLSA-201701-16
- DSA-3762
- RHSA-2016:1547
- RHSA-2016:1546
Published: Sept. 21, 2016
Modified: Oct. 30, 2018
CVE-2016-3990
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20160412 CVE-2016-3990 : out-of-bounds write in horizontalDifference8() in tiffcp tool
- http://bugzilla.maptools.org/show_bug.cgi?id=2544
- 86000
- https://bugzilla.redhat.com/show_bug.cgi?id=1326246
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- openSUSE-SU-2016:2275
- GLSA-201701-16
- DSA-3762
- RHSA-2016:1547
- RHSA-2016:1546
Published: Sept. 21, 2016
Modified: Oct. 30, 2018
CVE-2016-3991
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- 85996
- https://bugzilla.redhat.com/show_bug.cgi?id=1326249
- http://bugzilla.maptools.org/show_bug.cgi?id=2543
- [oss-security] 20160412 CVE-2016-3991 : out-of-bounds write in loadImage() in tiffcrop tool
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- openSUSE-SU-2016:2275
- GLSA-201701-16
- DSA-3762
- RHSA-2016:1547
- RHSA-2016:1546
Published: Feb. 6, 2017
Modified: March 28, 2018
CVE-2016-5102
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: March 12, 2018
Modified: April 5, 2018
CVE-2016-5314
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
- https://bugzilla.redhat.com/show_bug.cgi?id=1346687
- 91195
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- [oss-security] 20160630 Re: Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format
- [oss-security] 20160615 CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution
- [oss-security] 20160615 CVE-2016-5314: libtiff 4.0.6 PixarLogDecode() out-of-bound writes
- openSUSE-SU-2016:2375
- openSUSE-SU-2016:2321
- openSUSE-SU-2016:1889
- openSUSE-SU-2016:3035
- http://bugzilla.maptools.org/show_bug.cgi?id=2554
- DSA-3762
- GLSA-201701-16
- 91245
Published: March 7, 2017
Modified: March 8, 2017
CVE-2016-5315
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Jan. 20, 2017
Modified: Oct. 30, 2018
CVE-2016-5316
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Jan. 20, 2017
Modified: March 28, 2018
CVE-2016-5318
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Jan. 20, 2017
Modified: July 1, 2017
CVE-2016-5319
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Jan. 20, 2017
Modified: Oct. 30, 2018
CVE-2016-5321
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: April 11, 2017
Modified: April 17, 2017
CVE-2016-5322
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Jan. 20, 2017
Modified: Oct. 30, 2018
CVE-2016-5323
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 24, 2017
Modified: Nov. 4, 2017
CVE-2016-6223
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allow remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Links:
Published: Jan. 27, 2017
Modified: Dec. 31, 2019
CVE-2016-9453
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 6, 2017
Modified: Feb. 8, 2017
CVE-2016-9532
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- GLSA-201701-16
- https://bugzilla.redhat.com/show_bug.cgi?id=1397726
- 94424
- [oss-security] 20161121 Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips
- [oss-security] 20161111 CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips
- DSA-3762
- http://bugzilla.maptools.org/show_bug.cgi?id=2592
Published: June 26, 2017
Modified: Oct. 3, 2019
CVE-2017-9935
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: June 26, 2017
Modified: Nov. 7, 2023
CVE-2017-9937
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: May 10, 2018
Modified: Oct. 3, 2019
CVE-2018-10963
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: June 27, 2018
Modified: March 5, 2021
CVE-2018-12900
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Jan. 14, 2018
Modified: April 22, 2019
CVE-2018-5360
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Aug. 14, 2019
Modified: Nov. 7, 2023
CVE-2019-14973
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://gitlab.com/libtiff/libtiff/merge_requests/90
- [debian-lts-announce] 20190825 [SECURITY] [DLA 1897-1] tiff security update
- 20191104 [slackware-security] libtiff (SSA:2019-308-01)
- http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html
- 20200121 [SECURITY] [DSA 4608-1] tiff security update
- DSA-4608
- DSA-4670
- openSUSE-SU-2020:1561
- openSUSE-SU-2020:1840
- FEDORA-2019-6eeff0f801
- FEDORA-2019-e45019c690