The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of LibTIFF

vulnerability note CVE-2018-19210

LibTIFF: NULL pointer dereference via TIFFRewriteDirectory

Synthesis of the vulnerability

Impacted products: LibTIFF, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 13/11/2018.
Identifiers: 2820, CVE-2018-19210, openSUSE-SU-2018:4053-1, openSUSE-SU-2018:4256-1, SUSE-SU-2018:4008-1, SUSE-SU-2018:4191-1, VIGILANCE-VUL-27764.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via TIFFRewriteDirectory() of LibTIFF, in order to trigger a denial of service.

computer vulnerability CVE-2018-18661

LibTIFF: NULL pointer dereference via LZWDecode

Synthesis of the vulnerability

Impacted products: LibTIFF, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 29/10/2018.
Identifiers: 2819, CVE-2018-18661, openSUSE-SU-2018:3947-1, openSUSE-SU-2018:3948-1, SSA:2018-316-01, SUSE-SU-2018:3879-1, SUSE-SU-2018:3911-1, SUSE-SU-2018:3911-2, SUSE-SU-2018:3925-1, VIGILANCE-VUL-27635.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via LZWDecode() of LibTIFF, in order to trigger a denial of service.

vulnerability bulletin CVE-2018-18557

LibTIFF: buffer overflow via JBIGDecode

Synthesis of the vulnerability

An attacker can generate a buffer overflow via JBIGDecode() of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, LibTIFF, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 23/10/2018.
Identifiers: 1697, CVE-2018-18557, DLA-1557-1, DSA-4349-1, openSUSE-SU-2018:3947-1, openSUSE-SU-2018:3948-1, SUSE-SU-2018:3911-1, SUSE-SU-2018:3911-2, SUSE-SU-2018:3925-1, VIGILANCE-VUL-27603.

Description of the vulnerability

The LibTIFF product offers a web service.

However, if the size of data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow via JBIGDecode() of LibTIFF, in order to trigger a denial of service, and possibly to run code.

computer vulnerability 27245

LibTIFF: out-of-bounds memory reading via TIFFReadSeparateTileData

Synthesis of the vulnerability

Impacted products: LibTIFF.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 17/09/2018.
Identifiers: 2812, VIGILANCE-VUL-27245.

Description of the vulnerability

An attacker can force a read at an invalid address via TIFFReadSeparateTileData() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability note CVE-2018-17100

LibTIFF: integer overflow via multiply_ms

Synthesis of the vulnerability

Impacted products: Debian, LibTIFF, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 17/09/2018.
Identifiers: 2810, CVE-2018-17100, DLA-1557-1, openSUSE-SU-2018:3370-1, openSUSE-SU-2018:3371-1, SUSE-SU-2018:3289-1, SUSE-SU-2018:3327-1, SUSE-SU-2018:3391-1, VIGILANCE-VUL-27244.

Description of the vulnerability

An attacker can generate an integer overflow via multiply_ms() of LibTIFF, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2018-17000

LibTIFF: NULL pointer dereference via _TIFFmemcmp

Synthesis of the vulnerability

Impacted products: LibTIFF.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 14/09/2018.
Identifiers: 2811, CVE-2018-17000, VIGILANCE-VUL-27234.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via _TIFFmemcmp() of LibTIFF, in order to trigger a denial of service.

vulnerability note CVE-2018-16335

LibTIFF: buffer overflow via ChopUpSingleUncompressedStrip

Synthesis of the vulnerability

Impacted products: Debian, LibTIFF, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 03/09/2018.
Identifiers: 2809, CVE-2018-16335, DSA-4349-1, openSUSE-SU-2018:3370-1, openSUSE-SU-2018:3371-1, SUSE-SU-2018:3289-1, SUSE-SU-2018:3327-1, SUSE-SU-2018:3391-1, VIGILANCE-VUL-27134.

Description of the vulnerability

An attacker can generate a buffer overflow via ChopUpSingleUncompressedStrip() of LibTIFF, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2018-15209

LibTIFF: buffer overflow via ChopUpSingleUncompressedStrip

Synthesis of the vulnerability

Impacted products: Debian, LibTIFF, Solaris, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 09/08/2018.
Identifiers: 2808, bulletinoct2018, CVE-2018-15209, DSA-4349-1, VIGILANCE-VUL-26936.

Description of the vulnerability

An attacker can generate a buffer overflow via ChopUpSingleUncompressedStrip() of LibTIFF, in order to trigger a denial of service, and possibly to run code.

computer vulnerability 26785

LibTIFF: buffer overflow via TIFFWriteBufferSetup

Synthesis of the vulnerability

Impacted products: LibTIFF.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 18/07/2018.
Identifiers: 2806, CVE-2018-14378-REJECT, VIGILANCE-VUL-26785.

Description of the vulnerability

An attacker can generate a buffer overflow via TIFFWriteBufferSetup() of LibTIFF, in order to trigger a denial of service, and possibly to run code.

vulnerability note 26784

LibTIFF: buffer overflow via TIFFRGBAImageOK

Synthesis of the vulnerability

Impacted products: LibTIFF.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 18/07/2018.
Identifiers: 2803, CVE-2018-14375-REJECT, VIGILANCE-VUL-26784.

Description of the vulnerability

An attacker can generate a buffer overflow via TIFFRGBAImageOK() of LibTIFF, in order to trigger a denial of service, and possibly to run code.