Total
262 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0886 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2026-04-16 | 5.0 MEDIUM | N/A |
| Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | |||||
| CVE-2005-1544 | 1 Libtiff | 1 Libtiff | 2026-04-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. | |||||
| CVE-2006-2656 | 1 Libtiff | 1 Libtiff | 2026-04-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. | |||||
| CVE-2004-0929 | 2 Libtiff, Suse | 2 Libtiff, Suse Linux | 2026-04-16 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image. | |||||
| CVE-2006-3460 | 1 Libtiff | 1 Libtiff | 2026-04-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize). | |||||
| CVE-2006-2026 | 1 Libtiff | 1 Libtiff | 2026-04-16 | 6.5 MEDIUM | N/A |
| Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." | |||||
| CVE-2004-0803 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2026-04-16 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. | |||||
| CVE-2004-1307 | 10 Apple, Avaya, Conectiva and 7 more | 19 Mac Os X, Mac Os X Server, Call Management System Server and 16 more | 2026-04-16 | 7.5 HIGH | N/A |
| Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. | |||||
| CVE-2004-1308 | 1 Libtiff | 1 Libtiff | 2026-04-16 | 10.0 HIGH | N/A |
| Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow. | |||||
| CVE-2006-2193 | 1 Libtiff | 1 Libtiff | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. | |||||
| CVE-2006-0405 | 1 Libtiff | 1 Libtiff | 2026-04-16 | 5.0 MEDIUM | N/A |
| The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. | |||||
| CVE-2006-2120 | 1 Libtiff | 1 Libtiff | 2026-04-16 | 2.1 LOW | N/A |
| The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read. | |||||
| CVE-2006-3459 | 2 Adobe, Libtiff | 2 Acrobat Reader, Libtiff | 2026-04-16 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. | |||||
| CVE-2004-1183 | 1 Libtiff | 1 Libtiff | 2026-04-16 | 5.1 MEDIUM | N/A |
| Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file. | |||||
| CVE-2006-3462 | 1 Libtiff | 1 Libtiff | 2026-04-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images. | |||||
| CVE-2017-5225 | 1 Libtiff | 1 Libtiff | 2026-03-02 | 7.5 HIGH | 8.8 HIGH |
| LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. | |||||
| CVE-2023-52355 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2026-02-27 | N/A | 7.5 HIGH |
| An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. | |||||
| CVE-2025-61145 | 1 Libtiff | 1 Libtiff | 2026-02-25 | N/A | 5.0 MEDIUM |
| libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c. | |||||
| CVE-2025-61144 | 1 Libtiff | 1 Libtiff | 2026-02-25 | N/A | 7.3 HIGH |
| libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. | |||||
| CVE-2025-61143 | 1 Libtiff | 1 Libtiff | 2026-02-25 | N/A | 5.5 MEDIUM |
| libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c. | |||||