VulnerableCode Package Details - pkg:conan/libtiff@4.5.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-4mhv-7vrm-v7hv Aliases: CVE-2023-1916	Out-of-bounds Read A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.	4.5.1 Affected by 0 other vulnerabilities.
VCID-6dt6-ppka-b3ct Aliases: CVE-2023-26966	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.	4.5.1 Affected by 0 other vulnerabilities.
VCID-cwen-8yyj-x3aw Aliases: CVE-2023-25434	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.	There are no reported fixed by versions.
VCID-ju1t-bhyh-v7du Aliases: CVE-2022-48281	Out-of-bounds Write processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.	There are no reported fixed by versions.
VCID-k8kt-55y9-qyac Aliases: CVE-2023-2908	NULL Pointer Dereference A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.	4.5.1 Affected by 0 other vulnerabilities.
VCID-ndwc-beev-43ck Aliases: CVE-2023-26965	Out-of-bounds Write loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.	4.5.1 Affected by 0 other vulnerabilities.
VCID-xmwn-vxux-h7g3 Aliases: CVE-2023-25435	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.	4.5.1 Affected by 0 other vulnerabilities.
VCID-z1vf-mhw2-ducs Aliases: CVE-2023-25433	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.	4.5.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4mhv-7vrm-v7hv
Aliases:
CVE-2023-1916

Out-of-bounds Read A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

4.5.1
Affected by 0 other vulnerabilities.

VCID-6dt6-ppka-b3ct
Aliases:
CVE-2023-26966

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

4.5.1
Affected by 0 other vulnerabilities.

VCID-cwen-8yyj-x3aw
Aliases:
CVE-2023-25434

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.

There are no reported fixed by versions.

VCID-ju1t-bhyh-v7du
Aliases:
CVE-2022-48281

Out-of-bounds Write processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

There are no reported fixed by versions.

VCID-k8kt-55y9-qyac
Aliases:
CVE-2023-2908

NULL Pointer Dereference A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.

4.5.1
Affected by 0 other vulnerabilities.

VCID-ndwc-beev-43ck
Aliases:
CVE-2023-26965

Out-of-bounds Write loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

4.5.1
Affected by 0 other vulnerabilities.

VCID-xmwn-vxux-h7g3
Aliases:
CVE-2023-25435

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

4.5.1
Affected by 0 other vulnerabilities.

VCID-z1vf-mhw2-ducs
Aliases:
CVE-2023-25433

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.

4.5.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T21:28:17.951209+00:00	GitLab Importer	Fixing	VCID-jdv4-3mf6-93hm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2022-3970.yml	38.1.0
2026-04-01T12:51:29.140808+00:00	GitLab Importer	Affected by	VCID-k8kt-55y9-qyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-2908.yml	38.0.0
2026-04-01T12:51:29.082250+00:00	GitLab Importer	Affected by	VCID-z1vf-mhw2-ducs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-25433.yml	38.0.0
2026-04-01T12:51:28.904518+00:00	GitLab Importer	Affected by	VCID-6dt6-ppka-b3ct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-26966.yml	38.0.0
2026-04-01T12:51:27.170887+00:00	GitLab Importer	Affected by	VCID-xmwn-vxux-h7g3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-25435.yml	38.0.0
2026-04-01T12:51:24.789475+00:00	GitLab Importer	Affected by	VCID-cwen-8yyj-x3aw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-25434.yml	38.0.0
2026-04-01T12:51:23.080912+00:00	GitLab Importer	Affected by	VCID-ndwc-beev-43ck	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-26965.yml	38.0.0
2026-04-01T12:51:18.225847+00:00	GitLab Importer	Fixing	VCID-vrtj-45t6-cqec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-30775.yml	38.0.0
2026-04-01T12:51:17.950192+00:00	GitLab Importer	Fixing	VCID-7kmu-5yen-hfd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-2731.yml	38.0.0
2026-04-01T12:51:07.433166+00:00	GitLab Importer	Affected by	VCID-4mhv-7vrm-v7hv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-1916.yml	38.0.0
2026-04-01T12:50:53.660046+00:00	GitLab Importer	Fixing	VCID-44zu-mtmq-57cm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-0801.yml	38.0.0
2026-04-01T12:50:53.638102+00:00	GitLab Importer	Fixing	VCID-4pys-mah6-hfh6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-0799.yml	38.0.0
2026-04-01T12:50:53.598627+00:00	GitLab Importer	Fixing	VCID-pnpt-r4ke-fufh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-0803.yml	38.0.0
2026-04-01T12:50:53.522829+00:00	GitLab Importer	Fixing	VCID-tg7w-mbkg-7uhj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-0798.yml	38.0.0
2026-04-01T12:50:53.475687+00:00	GitLab Importer	Fixing	VCID-b33v-b6h4-cqfe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-0804.yml	38.0.0
2026-04-01T12:50:53.415713+00:00	GitLab Importer	Fixing	VCID-2u8w-cy3j-9fen	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-0800.yml	38.0.0
2026-04-01T12:50:53.363303+00:00	GitLab Importer	Fixing	VCID-4egk-vvjq-dyhw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-0795.yml	38.0.0
2026-04-01T12:50:53.342198+00:00	GitLab Importer	Fixing	VCID-cw7d-us77-2fhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-0796.yml	38.0.0
2026-04-01T12:50:53.271480+00:00	GitLab Importer	Fixing	VCID-wza2-4rcj-hkcd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-0797.yml	38.0.0
2026-04-01T12:50:53.249646+00:00	GitLab Importer	Fixing	VCID-x9xf-wuyn-6ffg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2023-0802.yml	38.0.0
2026-04-01T12:50:48.202975+00:00	GitLab Importer	Affected by	VCID-ju1t-bhyh-v7du	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/libtiff/CVE-2022-48281.yml	38.0.0