VulnerableCode Package Details - pkg:rpm/redhat/libtiff@4.0.9-32?arch=el8

Search for packages

Vulnerability	Summary	Fixed by
VCID-1asc-7axg-6ben Aliases: CVE-2018-15209	security update	There are no reported fixed by versions.
VCID-rp7t-x7gz-9udg Aliases: CVE-2023-6228	libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c	There are no reported fixed by versions.
VCID-ua38-ur2u-eues Aliases: CVE-2023-52356	Out-of-bounds Write A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.	There are no reported fixed by versions.
VCID-z1vf-mhw2-ducs Aliases: CVE-2023-25433	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1asc-7axg-6ben
Aliases:
CVE-2018-15209

security update

There are no reported fixed by versions.

VCID-rp7t-x7gz-9udg
Aliases:
CVE-2023-6228

libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c

There are no reported fixed by versions.

VCID-ua38-ur2u-eues
Aliases:
CVE-2023-52356

Out-of-bounds Write A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

There are no reported fixed by versions.

VCID-z1vf-mhw2-ducs
Aliases:
CVE-2023-25433

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-19T06:26:22.281635+00:00	RedHat Importer	Affected by	VCID-ua38-ur2u-eues	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json	38.4.0
2026-04-10T08:23:20.382234+00:00	RedHat Importer	Affected by	VCID-ua38-ur2u-eues	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json	38.1.0
2026-04-01T14:22:53.487077+00:00	RedHat Importer	Affected by	VCID-1asc-7axg-6ben	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15209.json	38.0.0
2026-04-01T13:55:37.753718+00:00	RedHat Importer	Affected by	VCID-z1vf-mhw2-ducs	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json	38.0.0
2026-04-01T13:52:43.850195+00:00	RedHat Importer	Affected by	VCID-rp7t-x7gz-9udg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6228.json	38.0.0
2026-04-01T13:51:16.231411+00:00	RedHat Importer	Affected by	VCID-ua38-ur2u-eues	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json	38.0.0