Libtiff
Monthly
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c. [CVSS 5.0 MEDIUM]
libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. [CVSS 7.3 HIGH]
libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c. [CVSS 5.5 MEDIUM]
A buffer overflow vulnerability was identified in LibTIFF up to 4.5.1. It is rated medium severity (CVSS 4.8) with low attack complexity, and could allow attackers to corrupt memory to execute arbitrary code or crash the application.
A vulnerability was found in LibTIFF up to 4.7.0. It is rated low severity (CVSS 2.0), and public exploit code is available.
Use-after-free vulnerability in LibTIFF up to version 4.7.0 affects the get_histogram function in tiffmedian.c, allowing local authenticated attackers to cause denial of service or limited data corruption. Despite a critical severity declaration and publicly available exploit code, the CVSS 4.0 vector assigns a low score (1.9) due to local-only access requirements, high attack complexity constraints, and limited impact scope; EPSS places real exploitation probability at 0.03%, suggesting this remains a low-priority issue in typical deployments.