VDB

GCVE-110-MAGEIA-2016-349

GCVE-110-MAGEIA-2016-349
Advisory Published
Vulnetix · Advisory published October 20, 2016
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. (CVE-2015-7554) Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. (CVE-2015-8668) Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. (CVE-2016-3186) (the program gif2tiff has been obsoleted) The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. (CVE-2016-3622) The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. (CVE-2016-3623) The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. (CVE-2016-3632) Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled,allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. (CVE-2016-3945) Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. (CVE-2016-3990) Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. (CVE-2016-3991) PixarLogDecode() out-of-bound writes (CVE-2016-5314) tif_dir.c: setByteArray() Read access violation (CVE-2016-5315) tif_pixarlog.c: PixarLogCleanup() Segmentation fault (CVE-2016-5316) crash occurs when generating a thumbnail for a crafted TIFF image (CVE-2016-5317) rgb2ycbcr: command excution (CVE-2016-5320) DumpModeDecode(): Ddos (CVE-2016-5321) tiffcrop: extractContigSamplesBytes: out-of-bounds read (CVE-2016-5322) tiffcrop _TIFFFax3fillruns(): divide by zero (CVE-2016-5323) tiff: heap-based buffer overflow when using the PixarLog compression format (CVE-2016-5875) tiff: information leak in libtiff/tif_read.c (CVE-2016-6223)

Affected Products

VendorProductVersionsPlatforms
Mageialibtiff0 (affected), 4.0.6-1.4.mga5 (unaffected)

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›