tiff (SUSE:Linux Enterprise Server 11 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 11 SP4 package tiff, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (72)
CVE-2016-9536 — CVSS 9.8 (critical): tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported…
CVE-2016-9535 — CVSS 9.8 (critical): tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in…
CVE-2015-8668 — CVSS 9.8 (critical): Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote…
CVE-2016-9540 — CVSS 9.8 (critical): tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103…
CVE-2015-7554 — CVSS 9.8 (critical): The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or…
CVE-2016-5314 — CVSS 8.8 (high): Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of…
CVE-2018-12900 — CVSS 8.8 (high): Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7…
CVE-2019-6128 — CVSS 8.8 (high): The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2014-8129 — CVSS 8.8 (high): LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a…
CVE-2018-8905 — CVSS 8.8 (high): In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated…
CVE-2017-9935 — CVSS 8.8 (high): In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to…
CVE-2017-5225 — CVSS 8.8 (high): LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted…
CVE-2017-17973 — CVSS 8.8 (high): In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of…
CVE-2018-17795 — CVSS 8.8 (high): The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based…
CVE-2017-17942 — CVSS 8.8 (high): In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
CVE-2016-3621 — CVSS 8.8 (high): The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote…
CVE-2018-17101 — CVSS 8.8 (high): An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can…
CVE-2018-17100 — CVSS 8.8 (high): An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service…
CVE-2018-16335 — CVSS 8.8 (high): newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service…
CVE-2017-11335 — CVSS 8.8 (high): There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one…
CVE-2016-8331 — CVSS 8.1 (high): An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document…
CVE-2017-7596 — CVSS 7.8 (high): LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers…
CVE-2016-10092 — CVSS 7.8 (high): Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7…
CVE-2016-10094 — CVSS 7.8 (high): Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have…
CVE-2016-10268 — CVSS 7.8 (high): tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read)…
CVE-2016-10270 — CVSS 7.8 (high): LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact…
CVE-2016-3632 — CVSS 7.8 (high): The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service…
CVE-2016-3945 — CVSS 7.8 (high): Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when…
CVE-2016-3990 — CVSS 7.8 (high): Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to…
CVE-2016-9453 — CVSS 7.8 (high): The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash)…
CVE-2017-7597 — CVSS 7.8 (high): tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow…
CVE-2017-7599 — CVSS 7.8 (high): LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers…
CVE-2017-7600 — CVSS 7.8 (high): LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote…
CVE-2017-7601 — CVSS 7.8 (high): LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a…
CVE-2017-7602 — CVSS 7.8 (high): LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or…
CVE-2016-3623 — CVSS 7.5 (high): The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v…
CVE-2016-3620 — CVSS 7.5 (high): The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote…
CVE-2015-8870 — CVSS 7.4 (high): Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer…
CVE-2016-5652 — CVSS 7.0 (high): An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can…
CVE-2014-9655 — CVSS 6.5 (medium): The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to…
CVE-2015-8781 — CVSS 6.5 (medium): tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a…
CVE-2016-3622 — CVSS 6.5 (medium): The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service…
CVE-2018-18661 — CVSS 6.5 (medium): An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
CVE-2018-7456 — CVSS 6.5 (medium): A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7…
CVE-2014-8130 — CVSS 6.5 (medium): The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of…
CVE-2014-8128 — CVSS 6.5 (medium): LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a…
CVE-2017-9147 — CVSS 6.5 (medium): LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of…
CVE-2018-10779 — CVSS 6.5 (medium): TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
CVE-2015-8783 — CVSS 6.5 (medium): tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
CVE-2015-8782 — CVSS 6.5 (medium): tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different…
CVE-2016-5316 — CVSS 6.5 (medium): Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the…
CVE-2016-5317 — CVSS 6.5 (medium): Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME…
CVE-2016-5318 — CVSS 6.5 (medium): Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application…
CVE-2016-5319 — CVSS 6.5 (medium): Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted…
CVE-2016-3619 — CVSS 6.5 (medium): The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows…
CVE-2017-11613 — CVSS 6.5 (medium): In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service…
CVE-2017-18013 — CVSS 6.5 (medium): In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVE-2014-8127 — CVSS 6.5 (medium): LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1)…
CVE-2016-3186 — CVSS 6.2 (medium): Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service…
CVE-2016-10095 — CVSS 5.5 (medium): Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7…
CVE-2016-5315 — CVSS 5.5 (medium): The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds…
CVE-2017-7595 — CVSS 5.5 (medium): The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and…
CVE-2016-5102 — CVSS 5.5 (medium): Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial…
CVE-2016-9273 — CVSS 5.5 (medium): tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to…
CVE-2016-10267 — CVSS 5.5 (medium): LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image…
CVE-2016-10266 — CVSS 5.5 (medium): LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image…
CVE-2017-7593 — CVSS 5.5 (medium): tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain…
CVE-2017-9117 — CVSS 4.0 (medium): In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the…
CVE-2016-5320: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of…
CVE-2016-5875: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of…