libtiff security advisories
10 threat alerts tracking vulnerabilities and security advisories that affect libtiff products.
Vulnios monitors libtiff CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent libtiff security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2016-9535 — libtiff — libtiff
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr
criticalCVE-2016-9535Critical Vulnerability: CVE-2016-9534 — libtiff — libtiff
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-over
criticalCVE-2016-9534Critical Vulnerability: CVE-2016-9537 — libtiff — libtiff
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
criticalCVE-2016-9537Critical Vulnerability: CVE-2016-9538 — libtiff — libtiff
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
criticalCVE-2016-9538Critical Vulnerability: CVE-2016-9536 — libtiff — libtiff
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflo
criticalCVE-2016-9536Critical Vulnerability: CVE-2016-9533 — libtiff — libtiff
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
criticalCVE-2016-9533Critical Vulnerability: CVE-2016-9540 — libtiff — libtiff
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
criticalCVE-2016-9540Critical Vulnerability: CVE-2016-9539 — libtiff — libtiff
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
criticalCVE-2016-9539Critical Vulnerability: CVE-2015-7554 — libtiff — libtiff
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field dat
criticalCVE-2015-7554Critical Vulnerability: CVE-2016-6223 — libtiff — libtiff
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a n
criticalCVE-2016-6223
Track libtiff exposure across your environment
Vulnios automatically cross-references your asset inventory against new libtiff CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan