VulnerableCode Package Details - pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

Essentials
History (48)

purl	pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1

Next non-vulnerable version	4.7.0-3+deb13u2
Latest non-vulnerable version	4.7.1-2
Risk	3.5

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-7zdy-fxq2-p7gf Aliases: CVE-2025-61145	libtiff: libtiff: Denial of service via double free in tiffcrop.c	4.7.0-3+deb13u2 Affected by 0 other vulnerabilities. 4.7.1-2 Affected by 0 other vulnerabilities.
VCID-9grz-pkwb-3kc5 Aliases: CVE-2025-61144	libtiff: libtiff: Denial of Service via buffer overflow	4.7.0-3+deb13u2 Affected by 0 other vulnerabilities. 4.7.1-1 Affected by 0 other vulnerabilities. 4.7.1-2 Affected by 0 other vulnerabilities.
VCID-dg96-zmw1-8kcp Aliases: CVE-2025-8534	libtiff: Libtiff Null Pointer Dereference Vulnerability	4.7.0-3+deb13u2 Affected by 0 other vulnerabilities. 4.7.1-1 Affected by 0 other vulnerabilities. 4.7.1-2 Affected by 0 other vulnerabilities.
VCID-r186-xqyn-ffey Aliases: CVE-2025-61143	libtiff: libtiff: Denial of Service via NULL pointer dereference in tif_open.c	4.7.0-3+deb13u2 Affected by 0 other vulnerabilities. 4.7.1-1 Affected by 0 other vulnerabilities. 4.7.1-2 Affected by 0 other vulnerabilities.
VCID-sqxq-hg7v-d7gv Aliases: CVE-2025-8177	libtiff: LibTIFF Buffer Overflow	4.7.0-3+deb13u2 Affected by 0 other vulnerabilities. 4.7.1-2 Affected by 0 other vulnerabilities.
VCID-ttb7-w41r-4kfn Aliases: CVE-2026-4775	libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing	4.7.0-3+deb13u2 Affected by 0 other vulnerabilities. 4.7.1-2 Affected by 0 other vulnerabilities.
VCID-vju4-pghv-47bx Aliases: CVE-2025-8176	libtiff: LibTIFF Use-After-Free Vulnerability	4.7.0-3+deb13u2 Affected by 0 other vulnerabilities. 4.7.1-2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (9)

Vulnerability	Summary	Aliases
VCID-38sj-85gt-sfhe	Out-of-bounds Write A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.	CVE-2023-3164
VCID-4mhv-7vrm-v7hv	Out-of-bounds Read A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.	CVE-2023-1916
VCID-a8jf-xmj8-cuh6	This advisory is a False-Positive and has been removed as it only impacted documentation.	CVE-2023-52355
VCID-b4hb-cxzy-suck	libtiff: LibTIFF Null Pointer Dereference	CVE-2024-13978
VCID-d8kh-h6vs-gqd4	libtiff: LibTIFF memory corruption	CVE-2025-8961
VCID-ndc5-qn5u-3qbq	libtiff: LibTIFF Stack-based buffer overflow	CVE-2025-8851
VCID-rp7t-x7gz-9udg	libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c	CVE-2023-6228
VCID-ukgj-45m7-6uba	libtiff: Out-of-memory in TIFFOpen via a craft file	CVE-2023-6277
VCID-yfxw-tmnn-byc6	libtiff: LibTIFF memory leak	CVE-2025-9165

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:35:30.813035+00:00	Debian Importer	Affected by	VCID-7zdy-fxq2-p7gf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:30:50.122191+00:00	Debian Importer	Affected by	VCID-ttb7-w41r-4kfn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:37:31.126734+00:00	Debian Importer	Affected by	VCID-vju4-pghv-47bx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:29:29.967983+00:00	Debian Importer	Fixing	VCID-b4hb-cxzy-suck	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:16:29.399552+00:00	Debian Importer	Fixing	VCID-38sj-85gt-sfhe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:53:08.999226+00:00	Debian Importer	Fixing	VCID-ndc5-qn5u-3qbq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:43:58.720070+00:00	Debian Importer	Fixing	VCID-ukgj-45m7-6uba	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:43:03.952000+00:00	Debian Importer	Fixing	VCID-4mhv-7vrm-v7hv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:40:27.890211+00:00	Debian Importer	Fixing	VCID-yfxw-tmnn-byc6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:39:21.674619+00:00	Debian Importer	Fixing	VCID-rp7t-x7gz-9udg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:32:09.447725+00:00	Debian Importer	Affected by	VCID-sqxq-hg7v-d7gv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:24:58.811101+00:00	Debian Importer	Affected by	VCID-9grz-pkwb-3kc5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:11:38.893495+00:00	Debian Importer	Fixing	VCID-a8jf-xmj8-cuh6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:09:43.985421+00:00	Debian Importer	Affected by	VCID-r186-xqyn-ffey	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:49:24.220636+00:00	Debian Importer	Affected by	VCID-dg96-zmw1-8kcp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:42:26.203969+00:00	Debian Importer	Fixing	VCID-d8kh-h6vs-gqd4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:37:29.280227+00:00	Debian Importer	Affected by	VCID-7zdy-fxq2-p7gf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:34:07.440380+00:00	Debian Importer	Affected by	VCID-ttb7-w41r-4kfn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:55:24.129150+00:00	Debian Importer	Affected by	VCID-vju4-pghv-47bx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:49:52.899748+00:00	Debian Importer	Fixing	VCID-b4hb-cxzy-suck	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:40:09.026176+00:00	Debian Importer	Fixing	VCID-38sj-85gt-sfhe	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:36:45.669802+00:00	Debian Importer	Fixing	VCID-ndc5-qn5u-3qbq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:29:44.036643+00:00	Debian Importer	Fixing	VCID-ukgj-45m7-6uba	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:02.633356+00:00	Debian Importer	Fixing	VCID-4mhv-7vrm-v7hv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:26:12.787376+00:00	Debian Importer	Fixing	VCID-yfxw-tmnn-byc6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:25:33.487798+00:00	Debian Importer	Fixing	VCID-rp7t-x7gz-9udg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:21:28.634404+00:00	Debian Importer	Affected by	VCID-sqxq-hg7v-d7gv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:17:04.483560+00:00	Debian Importer	Affected by	VCID-9grz-pkwb-3kc5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:09:10.945971+00:00	Debian Importer	Fixing	VCID-a8jf-xmj8-cuh6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:08:00.465433+00:00	Debian Importer	Affected by	VCID-r186-xqyn-ffey	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:55:40.188224+00:00	Debian Importer	Affected by	VCID-dg96-zmw1-8kcp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:51:05.484296+00:00	Debian Importer	Fixing	VCID-d8kh-h6vs-gqd4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-08T19:44:37.387544+00:00	Debian Importer	Affected by	VCID-7zdy-fxq2-p7gf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:42:22.172431+00:00	Debian Importer	Affected by	VCID-ttb7-w41r-4kfn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:16:29.778061+00:00	Debian Importer	Affected by	VCID-vju4-pghv-47bx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:12:32.425281+00:00	Debian Importer	Fixing	VCID-b4hb-cxzy-suck	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:05:44.837855+00:00	Debian Importer	Fixing	VCID-38sj-85gt-sfhe	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:23:43.123792+00:00	Debian Importer	Fixing	VCID-ndc5-qn5u-3qbq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:18:52.856475+00:00	Debian Importer	Fixing	VCID-ukgj-45m7-6uba	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:18:23.927053+00:00	Debian Importer	Fixing	VCID-4mhv-7vrm-v7hv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:17:06.952779+00:00	Debian Importer	Fixing	VCID-yfxw-tmnn-byc6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:16:31.630190+00:00	Debian Importer	Fixing	VCID-rp7t-x7gz-9udg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:12:48.108700+00:00	Debian Importer	Affected by	VCID-sqxq-hg7v-d7gv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-07T06:13:31.385427+00:00	Debian Importer	Fixing	VCID-a8jf-xmj8-cuh6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-07T06:12:32.660162+00:00	Debian Importer	Affected by	VCID-r186-xqyn-ffey	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-07T05:51:54.054113+00:00	Debian Importer	Fixing	VCID-d8kh-h6vs-gqd4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T18:03:40.841116+00:00	Debian Importer	Affected by	VCID-9grz-pkwb-3kc5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T17:08:04.421538+00:00	Debian Importer	Affected by	VCID-dg96-zmw1-8kcp	https://security-tracker.debian.org/tracker/data/json	38.1.0