The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of LibTIFF

vulnerability note CVE-2019-7663

LibTIFF: NULL pointer dereference via TIFFWriteDirectoryTagTransfer

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via TIFFWriteDirectoryTagTransfer() of LibTIFF, in order to trigger a denial of service.
Impacted products: Debian, LibTIFF, openSUSE Leap, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 11/02/2019.
Identifiers: 2833, CVE-2019-7663, DLA-1680-1, openSUSE-SU-2019:1161-1, SUSE-SU-2019:0786-1, USN-3906-1, USN-3906-2, VIGILANCE-VUL-28474.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via TIFFWriteDirectoryTagTransfer() of LibTIFF, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2019-6128

LibTIFF: memory leak via TIFFFdOpen

Synthesis of the vulnerability

An attacker can create a memory leak via TIFFFdOpen() of LibTIFF, in order to trigger a denial of service.
Impacted products: LibTIFF, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/01/2019.
Identifiers: 2836, CVE-2019-6128, openSUSE-SU-2019:1161-1, SUSE-SU-2019:0786-1, SUSE-SU-2019:14002-1, USN-3906-1, USN-3906-2, VIGILANCE-VUL-28268.

Description of the vulnerability

An attacker can create a memory leak via TIFFFdOpen() of LibTIFF, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-12900

LibTIFF: buffer overflow via cpSeparateBufToContigBuf

Synthesis of the vulnerability

An attacker can generate a buffer overflow via cpSeparateBufToContigBuf() of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Impacted products: LibTIFF, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 26/11/2018.
Identifiers: 2798, bulletinjan2019, CVE-2018-12900, openSUSE-SU-2018:3947-1, openSUSE-SU-2018:3948-1, SUSE-SU-2018:3911-1, SUSE-SU-2018:3911-2, SUSE-SU-2018:3925-1, USN-3906-1, USN-3906-2, VIGILANCE-VUL-27878.

Description of the vulnerability

An attacker can generate a buffer overflow via cpSeparateBufToContigBuf() of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-19210

LibTIFF: NULL pointer dereference via TIFFRewriteDirectory

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via TIFFRewriteDirectory() of LibTIFF, in order to trigger a denial of service.
Impacted products: Debian, LibTIFF, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 13/11/2018.
Identifiers: 2820, CVE-2018-19210, DLA-1680-1, openSUSE-SU-2018:4053-1, openSUSE-SU-2018:4256-1, openSUSE-SU-2019:1161-1, SUSE-SU-2018:4008-1, SUSE-SU-2018:4191-1, SUSE-SU-2019:0786-1, USN-3906-1, VIGILANCE-VUL-27764.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via TIFFRewriteDirectory() of LibTIFF, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-18661

LibTIFF: NULL pointer dereference via LZWDecode

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via LZWDecode of LibTIFF, in order to trigger a denial of service.
Impacted products: LibTIFF, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/10/2018.
Identifiers: 2819, bulletinjan2019, CVE-2018-18661, openSUSE-SU-2018:3947-1, openSUSE-SU-2018:3948-1, SSA:2018-316-01, SUSE-SU-2018:3879-1, SUSE-SU-2018:3911-1, SUSE-SU-2018:3911-2, SUSE-SU-2018:3925-1, USN-3864-1, VIGILANCE-VUL-27635.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via LZWDecode of LibTIFF, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-18557

LibTIFF: buffer overflow via JBIGDecode

Synthesis of the vulnerability

An attacker can generate a buffer overflow via JBIGDecode() of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, LibTIFF, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/10/2018.
Identifiers: 1697, bulletinjan2019, CVE-2018-18557, DLA-1557-1, DSA-4349-1, openSUSE-SU-2018:3947-1, openSUSE-SU-2018:3948-1, SUSE-SU-2018:3911-1, SUSE-SU-2018:3911-2, SUSE-SU-2018:3925-1, USN-3864-1, USN-3906-2, VIGILANCE-VUL-27603.

Description of the vulnerability

The LibTIFF product offers a web service.

However, if the size of data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow via JBIGDecode() of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-17795

LibTIFF: buffer overflow via t2p_write_pdf

Synthesis of the vulnerability

An attacker can generate a buffer overflow via t2p_write_pdf() of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Impacted products: LibTIFF, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 01/10/2018.
Identifiers: 2816, bulletinjan2019, CVE-2018-17795, openSUSE-SU-2018:3370-1, openSUSE-SU-2018:3371-1, SUSE-SU-2018:3289-1, SUSE-SU-2018:3327-1, SUSE-SU-2018:3391-1, VIGILANCE-VUL-27368.

Description of the vulnerability

An attacker can generate a buffer overflow via t2p_write_pdf() of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 27245

LibTIFF: out-of-bounds memory reading via TIFFReadSeparateTileData

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TIFFReadSeparateTileData() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: LibTIFF.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 17/09/2018.
Identifiers: 2812, VIGILANCE-VUL-27245.

Description of the vulnerability

An attacker can force a read at an invalid address via TIFFReadSeparateTileData() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-17100

LibTIFF: integer overflow via multiply_ms

Synthesis of the vulnerability

An attacker can generate an integer overflow via multiply_ms() of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, LibTIFF, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 17/09/2018.
Identifiers: 2810, bulletinjan2019, CVE-2018-17100, DLA-1557-1, openSUSE-SU-2018:3370-1, openSUSE-SU-2018:3371-1, SUSE-SU-2018:3289-1, SUSE-SU-2018:3327-1, SUSE-SU-2018:3391-1, USN-3864-1, USN-3906-2, VIGILANCE-VUL-27244.

Description of the vulnerability

An attacker can generate an integer overflow via multiply_ms() of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-17101

LibTIFF: buffer overflow via tiff2bw/pal2rgb

Synthesis of the vulnerability

An attacker can generate a buffer overflow via tiff2bw/pal2rgb of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, LibTIFF, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 17/09/2018.
Identifiers: 2807, bulletinjan2019, CVE-2018-17101, DLA-1557-1, DSA-4349-1, openSUSE-SU-2018:3370-1, openSUSE-SU-2018:3371-1, SUSE-SU-2018:3289-1, SUSE-SU-2018:3327-1, SUSE-SU-2018:3391-1, USN-3864-1, USN-3906-2, VIGILANCE-VUL-27243.

Description of the vulnerability

An attacker can generate a buffer overflow via tiff2bw/pal2rgb of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about LibTIFF: