Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-14973 | 4.3 |
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application cras
|
02-03-2023 - 17:53 | 14-08-2019 - 06:15 | |
CVE-2018-8905 | 6.8 |
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
|
01-03-2023 - 17:13 | 22-03-2018 - 04:29 | |
CVE-2013-4244 | 6.8 |
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
|
13-02-2023 - 04:45 | 28-09-2013 - 19:55 | |
CVE-2011-1167 | 6.8 |
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSamp
|
13-02-2023 - 01:19 | 28-03-2011 - 16:55 | |
CVE-2009-5022 | 6.8 |
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
|
13-02-2023 - 01:18 | 03-05-2011 - 20:55 | |
CVE-2012-5581 | 6.8 |
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
|
13-02-2023 - 00:26 | 04-01-2013 - 22:55 | |
CVE-2012-2113 | 6.8 |
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
|
13-02-2023 - 00:24 | 22-07-2012 - 17:55 | |
CVE-2012-1173 | 6.8 |
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading t
|
13-02-2023 - 00:23 | 04-06-2012 - 20:55 | |
CVE-2018-12900 | 6.8 |
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8
|
05-03-2021 - 19:15 | 26-06-2018 - 22:29 | |
CVE-2019-14973 | 4.3 |
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application cras
|
28-09-2020 - 15:15 | 14-08-2019 - 06:15 | |
CVE-2019-17546 | 6.8 |
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
|
24-08-2020 - 17:37 | 14-10-2019 - 02:15 | |
CVE-2016-5320 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descr
|
12-03-2018 - 02:29 | 12-03-2018 - 02:29 | |
CVE-2016-9540 | 7.5 |
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
|
05-01-2018 - 02:31 | 22-11-2016 - 19:59 | |
CVE-2011-0192 | 9.3 |
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application cras
|
21-02-2014 - 04:39 | 03-03-2011 - 20:00 |