Description
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows
attackers to cause a denial of service (invalid memory write and
crash) or possibly have unspecified other impact via crafted field
data in an extension tag in a TIFF image. (CVE-2015-7554)
Heap-based buffer overflow in the PackBitsPreEncode function in
tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote
attackers to execute arbitrary code or cause a denial of service via a
large width field in a BMP image. (CVE-2015-8668)
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF
4.0.6 allows remote attackers to cause a denial of service (application
crash) via a crafted GIF file. (CVE-2016-3186) (the program gif2tiff has
been obsoleted)
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6
and earlier allows remote attackers to cause a denial of service
(divide-by-zero error) via a crafted TIFF image. (CVE-2016-3622)
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers
to cause a denial of service (divide-by-zero) by setting the (1) v or (2)
h parameter to 0. (CVE-2016-3623)
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier
allows remote attackers to cause a denial of service (out-of-bounds write)
or execute arbitrary code via a crafted TIFF image. (CVE-2016-3632)
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile
functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode
is enabled,allow remote attackers to cause a denial of service (crash) or
execute arbitrary code via a crafted TIFF image, which triggers an
out-of-bounds write. (CVE-2016-3945)
Heap-based buffer overflow in the horizontalDifference8 function in
tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers
to cause a denial of service (crash) or execute arbitrary code via
a crafted TIFF image to tiffcp. (CVE-2016-3990)
Heap-based buffer overflow in the loadImage function in the tiffcrop tool
in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of
service (out-of-bounds write) or execute arbitrary code via a crafted TIFF
image with zero tiles. (CVE-2016-3991)
PixarLogDecode() out-of-bound writes (CVE-2016-5314)
tif_dir.c: setByteArray() Read access violation (CVE-2016-5315)
tif_pixarlog.c: PixarLogCleanup() Segmentation fault (CVE-2016-5316)
crash occurs when generating a thumbnail for a crafted TIFF image
(CVE-2016-5317)
rgb2ycbcr: command excution (CVE-2016-5320)
DumpModeDecode(): Ddos (CVE-2016-5321)
tiffcrop: extractContigSamplesBytes: out-of-bounds read (CVE-2016-5322)
tiffcrop _TIFFFax3fillruns(): divide by zero (CVE-2016-5323)
tiff: heap-based buffer overflow when using the PixarLog compression format (CVE-2016-5875)
tiff: information leak in libtiff/tif_read.c (CVE-2016-6223)