VulnerableCode Package Details - pkg:deb/debian/tiff@4.5.1~rc3-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6dt6-ppka-b3ct	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.	CVE-2023-26966
VCID-k8kt-55y9-qyac	NULL Pointer Dereference A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.	CVE-2023-2908
VCID-ndwc-beev-43ck	Out-of-bounds Write loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.	CVE-2023-26965
VCID-pkdx-ktz1-mbbg	Missing Release of Memory after Effective Lifetime A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.	CVE-2023-3576
VCID-v4rx-c1w4-pbb3	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.	CVE-2023-3618
VCID-z1vf-mhw2-ducs	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.	CVE-2023-25433

Vulnerability

Summary

Aliases

VCID-6dt6-ppka-b3ct

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

CVE-2023-26966

VCID-k8kt-55y9-qyac

NULL Pointer Dereference A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.

CVE-2023-2908

VCID-ndwc-beev-43ck

Out-of-bounds Write loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

CVE-2023-26965

VCID-pkdx-ktz1-mbbg

Missing Release of Memory after Effective Lifetime A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.

CVE-2023-3576

VCID-v4rx-c1w4-pbb3

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

CVE-2023-3618

VCID-z1vf-mhw2-ducs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.

CVE-2023-25433

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:12:18.353784+00:00	Debian Importer	Fixing	VCID-6dt6-ppka-b3ct	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:51:14.206525+00:00	Debian Importer	Fixing	VCID-pkdx-ktz1-mbbg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:49:10.438604+00:00	Debian Importer	Fixing	VCID-v4rx-c1w4-pbb3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:27:24.826678+00:00	Debian Importer	Fixing	VCID-k8kt-55y9-qyac	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:55:52.412968+00:00	Debian Importer	Fixing	VCID-ndwc-beev-43ck	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:41:43.765866+00:00	Debian Importer	Fixing	VCID-z1vf-mhw2-ducs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T06:51:36.179169+00:00	Debian Importer	Fixing	VCID-6dt6-ppka-b3ct	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:35:16.824443+00:00	Debian Importer	Fixing	VCID-pkdx-ktz1-mbbg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:33:40.614879+00:00	Debian Importer	Fixing	VCID-v4rx-c1w4-pbb3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:18:30.785090+00:00	Debian Importer	Fixing	VCID-k8kt-55y9-qyac	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:59:35.557298+00:00	Debian Importer	Fixing	VCID-ndwc-beev-43ck	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:50:38.361193+00:00	Debian Importer	Fixing	VCID-z1vf-mhw2-ducs	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:55:14.986406+00:00	Debian Importer	Fixing	VCID-v4rx-c1w4-pbb3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:14.922638+00:00	Debian Importer	Fixing	VCID-pkdx-ktz1-mbbg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:14.635721+00:00	Debian Importer	Fixing	VCID-k8kt-55y9-qyac	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:14.524568+00:00	Debian Importer	Fixing	VCID-6dt6-ppka-b3ct	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:14.470542+00:00	Debian Importer	Fixing	VCID-ndwc-beev-43ck	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:14.321858+00:00	Debian Importer	Fixing	VCID-z1vf-mhw2-ducs	https://security-tracker.debian.org/tracker/data/json	38.1.0