Total vulnerabilities in the database
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.
| Software | From | Fixed in |
|---|---|---|
| libtiff / libtiff | 4.0-alpha | 4.0-alpha.x |
| libtiff / libtiff | 4.0-beta6 | 4.0-beta6.x |
| libtiff / libtiff | 4.0-beta1 | 4.0-beta1.x |
| libtiff / libtiff | 4.0-beta4 | 4.0-beta4.x |
| libtiff / libtiff | 4.0.1 | 4.0.1.x |
| libtiff / libtiff | 4.0 | 4.0.x |
| libtiff / libtiff | - | 4.0.2.x |
| libtiff / libtiff | 4.0-beta5 | 4.0-beta5.x |
| libtiff / libtiff | 4.0-beta2 | 4.0-beta2.x |
| libtiff / libtiff | 4.0-beta3 | 4.0-beta3.x |