CVE-2016-9538

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...

Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code There were additional vulnerabilities in the tools bmp2tiff, gif2tiff, thumbnail and ras2tiff, but si ...

tools/tiffcropc in libtiff 406 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow Reported as MSVR 35100 ...

Debian Bug report logs - #820362 tiff: CVE-2016-3619: Memory corruption in DumpModeEncode triggered by crafted bmp file Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:02 UTC Severity: important ...

Debian Bug report logs - #842361 CVE-2016-5652: heap based buffer overflow in tiff2pdf Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Fri, 28 Oct 2016 12:42:05 UTC Severity: important Tags: fixed-upstream, patch, security, upstr ...

Debian Bug report logs - #820363 tiff: CVE-2016-3620: Out-of-bound read in ZIPEncode Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:06 UTC Severity: important Tags: security, upstream Found in ...

Debian Bug report logs - #819972 tiff: CVE-2016-3186: buffer overflow in gif2tiff Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 4 Apr 2016 12:51:02 UTC Severity: important Tags: security, upstream, wontfix Fo ...

Debian Bug report logs - #842046 Multiple CVE: Remove tools dropped by upstream Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Tue, 25 Oct 2016 14:00:02 UTC Severity: important Tags: security Found in version 402-6 Fixed in v ...

Debian Bug report logs - #842270 CVE-2016-6223: information leak in libtiff/tif_readc Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Thu, 27 Oct 2016 14:30:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstr ...

Debian Bug report logs - #820364 tiff: CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:51:11 UTC Severity: important Tags: security, upstream ...

Debian Bug report logs - #820366 tiff: CVE-2016-3631: Illegal read in the cpStrips and cpTiles function Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Apr 2016 18:54:02 UTC Severity: important Tags: fixed-ups ...

It was found that tools/tiffcropc in libtiff 406 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow ...