LibTIFF 4.5.1 Release Candidate 3

CPE Details

LibTIFF 4.5.1 Release Candidate 3
libtiff
libtiff
4.5.1
2023-06-26
13h49 +00:00
2023-06-26
14h17 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libtiff:libtiff:4.5.1:rc3:*:*:*:*:*:*

Informations

Vendor

libtiff

Product

libtiff

Version

4.5.1

Update

rc3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-7006 2024-08-08 20h49 +00:00 A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.
7.5
High
CVE-2023-52355 2024-01-25 20h03 +00:00 An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
7.5
High
CVE-2023-3164 2023-11-02 11h26 +00:00 A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.
5.5
Medium
CVE-2023-41175 2023-10-05 18h55 +00:00 A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
6.5
Medium
CVE-2023-40745 2023-10-05 18h55 +00:00 LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
6.5
Medium