CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-2731 – libtiff: null pointer deference in LZWDecode() in libtiff/tif_lzw.c
https://notcve.org/view.php?id=CVE-2023-2731
17 May 2023 — A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafte... • https://access.redhat.com/security/cve/CVE-2023-2731 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-30774 – libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value
https://notcve.org/view.php?id=CVE-2023-30774
09 May 2023 — A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, integer overflow, out of bounds read, and out of bounds write vulnerabilities. • http://seclists.org/fulldisclosure/2023/Oct/24 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-1916 – Ubuntu Security Notice USN-6428-1
https://notcve.org/view.php?id=CVE-2023-1916
10 Apr 2023 — A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image fil... • https://gitlab.com/libtiff/libtiff/-/issues/536 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4645 – libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c
https://notcve.org/view.php?id=CVE-2022-4645
03 Mar 2023 — LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure. The libtiff packages contain ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0795 – libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0795
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information discl... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0796 – libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0796
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information discl... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0797 – libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0797
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functio... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0798 – libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0798
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclo... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0799 – libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0799
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service. It was discovered that Li... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0800 – libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0800
13 Feb 2023 — LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modificati... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json • CWE-787: Out-of-bounds Write •