The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of LibTIFF

vulnerability announcement CVE-2018-5784

LibTIFF: denial of service

Synthesis of the vulnerability

An attacker can trigger an overuse of resources in LibTIFF, in order to trigger a denial of service.
Impacted products: Debian, Fedora, LibTIFF, openSUSE Leap, Ubuntu, WindRiver Linux.
Severity: 1/4.
Creation date: 22/01/2018.
Identifiers: 2772, CVE-2018-5784, DLA-1391-1, DLA-1411-1, FEDORA-2018-e6a51e99a4, openSUSE-SU-2018:1204-1, USN-3602-1, USN-3606-1, VIGILANCE-VUL-25132.

Description of the vulnerability

An attacker can trigger an overuse of resources in LibTIFF, in order to trigger a denial of service.

Technical details are unknown.

computer vulnerability alert CVE-2017-9403 CVE-2017-9404

LibTIFF: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of LibTIFF.
Impacted products: Debian, Fedora, LibTIFF, openSUSE Leap, Ubuntu.
Severity: 1/4.
Creation date: 12/06/2017.
Identifiers: CVE-2017-9403, CVE-2017-9404, DLA-983-1, DLA-984-1, DSA-3903-1, FEDORA-2017-03c5f27205, openSUSE-SU-2017:2635-1, USN-3602-1, VIGILANCE-VUL-22946.

Description of the vulnerability

An attacker can use several vulnerabilities of LibTIFF.

An attacker can create a memory leak via TIFFReadDirEntryLong8Array(), in order to trigger a denial of service. [severity:1/4; CVE-2017-9403]

An attacker can create a memory leak via OJPEGReadHeaderInfoSecTablesQTable(), in order to trigger a denial of service. [severity:1/4; CVE-2017-9404]

vulnerability alert CVE-2017-9147

LibTIFF: out-of-bounds memory reading via _TIFFVGetField

Synthesis of the vulnerability

An attacker can force a read at an invalid address via _TIFFVGetField() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, LibTIFF, Ubuntu.
Severity: 1/4.
Creation date: 23/05/2017.
Identifiers: 2693, CVE-2017-9147, DLA-983-1, DLA-984-1, DSA-3903-1, USN-3606-1, VIGILANCE-VUL-22801.

Description of the vulnerability

The LibTIFF library analyzes images in TIFF format.

However, it tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via _TIFFVGetField() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability CVE-2017-5225

LibTIFF: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of LibTIFF.
Impacted products: Debian, Fedora, LibTIFF, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 13/01/2017.
Identifiers: 2656, 2657, CVE-2017-5225, DLA-795-1, DSA-3844-1, FEDORA-2018-cc86e5bc77, openSUSE-SU-2017:0512-1, SUSE-SU-2018:1835-1, USN-3212-1, USN-3212-2, USN-3212-3, USN-3212-4, VIGILANCE-VUL-21575.

Description of the vulnerability

Several vulnerabilities were announced in LibTIFF.

An attacker can generate a buffer overflow via tiffcp, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 2656]

An attacker can generate a buffer overflow via tiffcp, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 2657]

computer vulnerability bulletin CVE-2016-10092 CVE-2016-10093 CVE-2016-10094

LibTIFF: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of LibTIFF.
Impacted products: Debian, Fedora, LibTIFF, Ubuntu.
Severity: 2/4.
Creation date: 02/01/2017.
Identifiers: CVE-2016-10092, CVE-2016-10093, CVE-2016-10094, DLA-795-1, DSA-3762-1, FEDORA-2018-cc86e5bc77, USN-3212-1, USN-3212-2, USN-3212-3, USN-3212-4, VIGILANCE-VUL-21488.

Description of the vulnerability

Several vulnerabilities were announced in LibTIFF.

An attacker can generate a buffer overflow via tiffcrop, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-10092]

An attacker can generate a buffer overflow via tiffcp, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-10093]

An attacker can generate a buffer overflow via tiff2pdf, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-10094]

computer vulnerability CVE-2016-9533 CVE-2016-9534 CVE-2016-9535

LibTIFF: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of LibTIFF.
Impacted products: Mac OS X, Debian, BIG-IP Hardware, TMOS, LibTIFF, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 23/11/2016.
Identifiers: CVE-2016-9533, CVE-2016-9534, CVE-2016-9535, CVE-2016-9536, CVE-2016-9537, CVE-2016-9538, CVE-2016-9539, CVE-2016-9540, DLA-795-1, DLA-880-1, DSA-3762-1, DSA-3844-1, HT207615, K34527393, RHSA-2017:0225-01, SUSE-SU-2018:1835-1, USN-3212-1, USN-3212-2, USN-3212-3, USN-3212-4, VIGILANCE-VUL-21195.

Description of the vulnerability

Several vulnerabilities were announced in LibTIFF.

An attacker can generate a buffer overflow via tif_pixarlog.c, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9533]

An attacker can generate a buffer overflow via TIFFFlushData1(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9534]

An attacker can generate a buffer overflow via YCbCr With Subsampling, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9535]

An attacker can generate a buffer overflow via t2p_process_jpeg_strip(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9536]

An attacker can generate a buffer overflow via tools/tiffcrop.c, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9537]

An attacker can force a read at an invalid address via readContigStripsIntoBuffer(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-9538]

An attacker can force a read at an invalid address via readContigTilesIntoBuffer(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-9539]

An attacker can generate a buffer overflow via cpStripToTile(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9540]

computer vulnerability bulletin CVE-2016-9273

LibTIFF: buffer overflow via TIFFNumberOfStrips

Synthesis of the vulnerability

An attacker can generate a buffer overflow via TIFFNumberOfStrips of LibTIFF, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, LibTIFF, openSUSE, openSUSE Leap, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 10/11/2016.
Identifiers: 2587, CVE-2016-9273, DLA-716-1, DSA-3762-1, openSUSE-SU-2016:3035-1, openSUSE-SU-2017:0074-1, SSA:2017-098-01, USN-3212-1, USN-3212-2, VIGILANCE-VUL-21088.

Description of the vulnerability

The LibTIFF library analyzes images in TIFF format.

However, if the size of data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow via TIFFNumberOfStrips of LibTIFF, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announcement 20697

LibTIFF: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of LibTIFF.
Impacted products: LibTIFF.
Severity: 2/4.
Creation date: 26/09/2016.
Identifiers: VIGILANCE-VUL-20697.

Description of the vulnerability

An attacker can use several vulnerabilities of LibTIFF.

Technical details are unknown.

computer vulnerability note CVE-2016-3990 CVE-2016-3991

LibTIFF: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of LibTIFF.
Impacted products: Debian, LibTIFF, openSUSE, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 03/08/2016.
Identifiers: CVE-2016-3990, CVE-2016-3991, DLA-606-1, DLA-610-1, DLA-610-2, DLA-795-1, DSA-3762-1, openSUSE-SU-2016:2275-1, openSUSE-SU-2016:2375-1, openSUSE-SU-2016:2525-1, RHSA-2016:1546-01, RHSA-2016:1547-01, USN-3212-1, USN-3212-2, USN-3212-3, USN-3212-4, VIGILANCE-VUL-20299.

Description of the vulnerability

Several vulnerabilities were announced in LibTIFF.

An attacker can generate a buffer overflow via horizontalDifference8(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-3990]

An attacker can generate a buffer overflow via loadImage(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-3991]

vulnerability CVE-2016-6223

LibTIFF: out-of-bounds memory reading via TIFFReadRawStrip1

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TIFFReadRawStrip1() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, LibTIFF, Ubuntu.
Severity: 2/4.
Creation date: 13/07/2016.
Identifiers: CVE-2016-6223, DLA-610-1, DLA-610-2, DLA-693-1, DLA-693-2, DSA-3762-1, USN-3212-1, USN-3212-2, VIGILANCE-VUL-20090.

Description of the vulnerability

The LibTIFF library analyzes images in TIFF format.

However, the TIFFReadRawStrip1() and TIFFReadRawTile1() functions try to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via TIFFReadRawStrip1() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.