4.0.9 * * * : Security Vulnerabilities Published In 2018

Cpe Name:cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*

2018 : January February March April May June July August September October November December

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2018-19210	476	DoS	2018-11-12	2019-04-05	4.3	None	Remote	Medium	Not required	None	None	Partial
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
2	CVE-2018-18661	476		2018-10-26	2019-08-06	4.3	None	Remote	Medium	Not required	None	None	Partial
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
3	CVE-2018-18557	787		2018-10-22	2021-03-05	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
4	CVE-2018-17795	787	DoS Overflow	2018-09-30	2020-10-16	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
5	CVE-2018-17101	787	DoS	2018-09-16	2019-03-21	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
6	CVE-2018-17100	190	DoS Overflow	2018-09-16	2019-03-21	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
7	CVE-2018-17000	476		2018-09-13	2019-04-05	4.3	None	Remote	Medium	Not required	None	None	Partial
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.
8	CVE-2018-16335	787	DoS Overflow	2018-09-02	2020-08-24	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
9	CVE-2018-15209	787	DoS Overflow	2018-08-08	2020-08-24	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
10	CVE-2018-12900	787	DoS Overflow	2018-06-26	2021-03-05	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
11	CVE-2018-10126	476		2018-04-21	2021-03-15	4.3	None	Remote	Medium	Not required	None	None	Partial
LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.
12	CVE-2018-8905	787	Overflow	2018-03-22	2020-08-24	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
13	CVE-2018-7456	476		2018-02-24	2021-01-29	4.3	None	Remote	Medium	Not required	None	None	Partial
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
14	CVE-2018-5784	400	DoS	2018-01-19	2019-04-22	4.3	None	Remote	Medium	Not required	None	None	Partial
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
15	CVE-2017-18013	476		2018-01-01	2018-03-28	4.3	None	Remote	Medium	Not required	None	None	Partial
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.

Total number of vulnerabilities : 15 Page : 1 (This Page)