VulnerableCode Package Details - pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-25fx-7kmb-fqhm	Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.	CVE-2022-0924
VCID-4mq7-s2p6-yufr	Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.	CVE-2022-0907
VCID-5mak-1mkk-wkdg	NULL Pointer Dereference Null source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.	CVE-2022-0561
VCID-gmhp-4yx2-gfbv	Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.	CVE-2022-0909
VCID-h6gn-kv5x-bbd5	Out-of-bounds Write A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact	CVE-2022-0891
VCID-kpq7-5vsv-pucy	NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.	CVE-2022-0908
VCID-mhwh-tsst-cfaj	Out-of-bounds Read LibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.	CVE-2022-22844
VCID-qsrb-hf2u-tudp	NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.	CVE-2022-0562
VCID-zedn-437q-47b2	Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.	CVE-2022-0865

Vulnerability

Summary

Aliases

VCID-25fx-7kmb-fqhm

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.

CVE-2022-0924

VCID-4mq7-s2p6-yufr

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

CVE-2022-0907

VCID-5mak-1mkk-wkdg

NULL Pointer Dereference Null source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.

CVE-2022-0561

VCID-gmhp-4yx2-gfbv

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.

CVE-2022-0909

VCID-h6gn-kv5x-bbd5

Out-of-bounds Write A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

CVE-2022-0891

VCID-kpq7-5vsv-pucy

NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

CVE-2022-0908

VCID-mhwh-tsst-cfaj

Out-of-bounds Read LibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.

CVE-2022-22844

VCID-qsrb-hf2u-tudp

NULL Pointer Dereference Null source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.

CVE-2022-0562

VCID-zedn-437q-47b2

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.

CVE-2022-0865

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:57:15.409386+00:00	Debian Importer	Fixing	VCID-gmhp-4yx2-gfbv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:23:36.791144+00:00	Debian Importer	Fixing	VCID-qsrb-hf2u-tudp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:15:39.117279+00:00	Debian Importer	Fixing	VCID-kpq7-5vsv-pucy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:09:46.489810+00:00	Debian Importer	Fixing	VCID-zedn-437q-47b2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:48:02.142696+00:00	Debian Importer	Fixing	VCID-h6gn-kv5x-bbd5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:18:43.875278+00:00	Debian Importer	Fixing	VCID-mhwh-tsst-cfaj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:17:48.295564+00:00	Debian Importer	Fixing	VCID-25fx-7kmb-fqhm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:05:21.346937+00:00	Debian Importer	Fixing	VCID-5mak-1mkk-wkdg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:03:10.211769+00:00	Debian Importer	Fixing	VCID-4mq7-s2p6-yufr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:09:38.338966+00:00	Debian Importer	Fixing	VCID-gmhp-4yx2-gfbv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:45:35.665989+00:00	Debian Importer	Fixing	VCID-qsrb-hf2u-tudp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:39:31.932669+00:00	Debian Importer	Fixing	VCID-kpq7-5vsv-pucy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:35:10.447298+00:00	Debian Importer	Fixing	VCID-zedn-437q-47b2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:18:33.737980+00:00	Debian Importer	Fixing	VCID-h6gn-kv5x-bbd5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:56:27.116425+00:00	Debian Importer	Fixing	VCID-mhwh-tsst-cfaj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:55:43.703721+00:00	Debian Importer	Fixing	VCID-25fx-7kmb-fqhm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:46:17.997967+00:00	Debian Importer	Fixing	VCID-5mak-1mkk-wkdg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:04:09.606716+00:00	Debian Importer	Fixing	VCID-4mq7-s2p6-yufr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:55:12.673707+00:00	Debian Importer	Fixing	VCID-mhwh-tsst-cfaj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:12.192544+00:00	Debian Importer	Fixing	VCID-25fx-7kmb-fqhm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:12.144779+00:00	Debian Importer	Fixing	VCID-gmhp-4yx2-gfbv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:12.096956+00:00	Debian Importer	Fixing	VCID-kpq7-5vsv-pucy	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:12.049746+00:00	Debian Importer	Fixing	VCID-4mq7-s2p6-yufr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:12.001737+00:00	Debian Importer	Fixing	VCID-h6gn-kv5x-bbd5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:11.953994+00:00	Debian Importer	Fixing	VCID-zedn-437q-47b2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:11.905474+00:00	Debian Importer	Fixing	VCID-qsrb-hf2u-tudp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:11.858047+00:00	Debian Importer	Fixing	VCID-5mak-1mkk-wkdg	https://security-tracker.debian.org/tracker/data/json	38.1.0