CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-2731 – libtiff: null pointer deference in LZWDecode() in libtiff/tif_lzw.c
https://notcve.org/view.php?id=CVE-2023-2731
17 May 2023 — A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafte... • https://access.redhat.com/security/cve/CVE-2023-2731 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-30774 – libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value
https://notcve.org/view.php?id=CVE-2023-30774
09 May 2023 — A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, integer overflow, out of bounds read, and out of bounds write vulnerabilities. • http://seclists.org/fulldisclosure/2023/Oct/24 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-1916 – Ubuntu Security Notice USN-6428-1
https://notcve.org/view.php?id=CVE-2023-1916
10 Apr 2023 — A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image fil... • https://gitlab.com/libtiff/libtiff/-/issues/536 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4645 – libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c
https://notcve.org/view.php?id=CVE-2022-4645
03 Mar 2023 — LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure. The libtiff packages contain ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0803 – libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0803
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modificati... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0800 – libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0800
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modificati... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0802 – libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0802
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modificati... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0804 – libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0804
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modificati... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0796 – libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0796
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information discl... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0795 – libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0795
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information discl... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json • CWE-125: Out-of-bounds Read •