Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u2?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-1nme-2pjx-q7hp libtiff: NULL pointer dereference in tif_dirinfo.c CVE-2024-7006
VCID-6dt6-ppka-b3ct Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. CVE-2023-26966
VCID-k8kt-55y9-qyac NULL Pointer Dereference A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service. CVE-2023-2908
VCID-ndwc-beev-43ck Out-of-bounds Write loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. CVE-2023-26965
VCID-ua38-ur2u-eues Out-of-bounds Write A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. CVE-2023-52356
VCID-v4rx-c1w4-pbb3 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. CVE-2023-3618
VCID-z1vf-mhw2-ducs Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. CVE-2023-25433

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T10:40:17.791617+00:00 Debian Importer Fixing VCID-ua38-ur2u-eues https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:12:18.343041+00:00 Debian Importer Fixing VCID-6dt6-ppka-b3ct https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:49:10.425614+00:00 Debian Importer Fixing VCID-v4rx-c1w4-pbb3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:27:24.816462+00:00 Debian Importer Fixing VCID-k8kt-55y9-qyac https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:55:52.401881+00:00 Debian Importer Fixing VCID-ndwc-beev-43ck https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:47:41.491028+00:00 Debian Importer Fixing VCID-1nme-2pjx-q7hp https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:41:43.755692+00:00 Debian Importer Fixing VCID-z1vf-mhw2-ducs https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T07:13:03.279952+00:00 Debian Importer Fixing VCID-ua38-ur2u-eues https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:51:36.167785+00:00 Debian Importer Fixing VCID-6dt6-ppka-b3ct https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:33:40.601149+00:00 Debian Importer Fixing VCID-v4rx-c1w4-pbb3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:18:30.773798+00:00 Debian Importer Fixing VCID-k8kt-55y9-qyac https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:59:35.546113+00:00 Debian Importer Fixing VCID-ndwc-beev-43ck https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:54:32.463133+00:00 Debian Importer Fixing VCID-1nme-2pjx-q7hp https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:50:38.349710+00:00 Debian Importer Fixing VCID-z1vf-mhw2-ducs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:55:15.398914+00:00 Debian Importer Fixing VCID-1nme-2pjx-q7hp https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:55:15.165059+00:00 Debian Importer Fixing VCID-ua38-ur2u-eues https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:55:14.954123+00:00 Debian Importer Fixing VCID-v4rx-c1w4-pbb3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:55:14.609555+00:00 Debian Importer Fixing VCID-k8kt-55y9-qyac https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:55:14.497777+00:00 Debian Importer Fixing VCID-6dt6-ppka-b3ct https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:55:14.443819+00:00 Debian Importer Fixing VCID-ndwc-beev-43ck https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:55:14.293309+00:00 Debian Importer Fixing VCID-z1vf-mhw2-ducs https://security-tracker.debian.org/tracker/data/json 38.1.0