Package details: pkg:rpm/redhat/libtiff@4.4.0-10?arch=el9
purl pkg:rpm/redhat/libtiff@4.4.0-10?arch=el9
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-2ds7-xq64-9ue2
Aliases:
CVE-2023-3316
NULL Pointer Dereference A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. There are no reported fixed by versions.
VCID-6dt6-ppka-b3ct
Aliases:
CVE-2023-26966
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. There are no reported fixed by versions.
VCID-7kmu-5yen-hfd1
Aliases:
CVE-2023-2731
NULL Pointer Dereference A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. There are no reported fixed by versions.
VCID-ndwc-beev-43ck
Aliases:
CVE-2023-26965
Out-of-bounds Write loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. There are no reported fixed by versions.
VCID-pkdx-ktz1-mbbg
Aliases:
CVE-2023-3576
Missing Release of Memory after Effective Lifetime A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service. There are no reported fixed by versions.
VCID-x7w1-k9zt-qkab
Aliases:
CVE-2017-17095
Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in a Denial of Service condition. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:26:57.150729+00:00 RedHat Importer Affected by VCID-x7w1-k9zt-qkab https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17095.json 38.0.0
2026-04-01T13:55:22.138126+00:00 RedHat Importer Affected by VCID-6dt6-ppka-b3ct https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json 38.0.0
2026-04-01T13:55:10.376336+00:00 RedHat Importer Affected by VCID-pkdx-ktz1-mbbg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json 38.0.0
2026-04-01T13:54:04.262187+00:00 RedHat Importer Affected by VCID-7kmu-5yen-hfd1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2731.json 38.0.0
2026-04-01T13:53:46.065865+00:00 RedHat Importer Affected by VCID-ndwc-beev-43ck https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json 38.0.0
2026-04-01T13:53:41.835461+00:00 RedHat Importer Affected by VCID-2ds7-xq64-9ue2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json 38.0.0