Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0804

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Oct, 2004 | 04:00
Updated At-08 Aug, 2024 | 00:31
Rejected At-
Credits

Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Oct, 2004 | 04:00
Updated At:08 Aug, 2024 | 00:31
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2004-577.html
vendor-advisory
x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
vendor-advisory
x_refsource_MANDRAKE
http://www.redhat.com/support/errata/RHSA-2005-021.html
vendor-advisory
x_refsource_REDHAT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
vendor-advisory
x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
vdb-entry
signature
x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
vdb-entry
signature
x_refsource_OVAL
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
vendor-advisory
x_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
vendor-advisory
x_refsource_SUSE
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
vendor-advisory
x_refsource_CONECTIVA
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
vendor-advisory
x_refsource_MANDRAKE
http://www.kde.org/info/security/advisory-20041209-2.txt
x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/555304
third-party-advisory
x_refsource_CERT-VN
http://www.redhat.com/support/errata/RHSA-2005-354.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2004/dsa-567
vendor-advisory
x_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
vdb-entry
x_refsource_XF
http://bugzilla.remotesensing.org/show_bug.cgi?id=111
x_refsource_MISC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-577.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-021.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.kde.org/info/security/advisory-20041209-2.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.kb.cert.org/vuls/id/555304
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-354.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2004/dsa-567
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://bugzilla.remotesensing.org/show_bug.cgi?id=111
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2004-577.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-021.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.kde.org/info/security/advisory-20041209-2.txt
x_refsource_CONFIRM
x_transferred
http://www.kb.cert.org/vuls/id/555304
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-354.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2004/dsa-567
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
vdb-entry
x_refsource_XF
x_transferred
http://bugzilla.remotesensing.org/show_bug.cgi?id=111
x_refsource_MISC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-577.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-021.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.kde.org/info/security/advisory-20041209-2.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/555304
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-354.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-567
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://bugzilla.remotesensing.org/show_bug.cgi?id=111
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Nov, 2004 | 05:00
Updated At:03 Apr, 2025 | 01:03

Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
LibTIFF
libtiff
>>libtiff>>Versions before 3.7.0(exclusive)
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-369Primarynvd@nist.gov
CWE ID: CWE-369
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugzilla.remotesensing.org/show_bug.cgi?id=111cve@mitre.org
Issue Tracking
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888cve@mitre.org
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1cve@mitre.org
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1cve@mitre.org
Broken Link
http://www.debian.org/security/2004/dsa-567cve@mitre.org
Vendor Advisory
http://www.kb.cert.org/vuls/id/555304cve@mitre.org
Third Party Advisory
US Government Resource
http://www.kde.org/info/security/advisory-20041209-2.txtcve@mitre.org
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109cve@mitre.org
Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052cve@mitre.org
Broken Link
http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlcve@mitre.org
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-577.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-021.htmlcve@mitre.org
Not Applicable
http://www.redhat.com/support/errata/RHSA-2005-354.htmlcve@mitre.org
Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755cve@mitre.org
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115cve@mitre.org
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711cve@mitre.org
Tool Signature
http://bugzilla.remotesensing.org/show_bug.cgi?id=111af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.debian.org/security/2004/dsa-567af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.kb.cert.org/vuls/id/555304af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.kde.org/info/security/advisory-20041209-2.txtaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-577.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-021.htmlaf854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.redhat.com/support/errata/RHSA-2005-354.htmlaf854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115af854a3a-2127-422b-91ae-364da2661108
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711af854a3a-2127-422b-91ae-364da2661108
Tool Signature
Hyperlink: http://bugzilla.remotesensing.org/show_bug.cgi?id=111
Source: cve@mitre.org
Resource:
Issue Tracking
Hyperlink: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2004/dsa-567
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/555304
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.kde.org/info/security/advisory-20041209-2.txt
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-577.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-021.html
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-354.html
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
Source: cve@mitre.org
Resource:
Tool Signature
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
Source: cve@mitre.org
Resource:
Tool Signature
Hyperlink: http://bugzilla.remotesensing.org/show_bug.cgi?id=111
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2004/dsa-567
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/555304
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.kde.org/info/security/advisory-20041209-2.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-577.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-354.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Tool Signature
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Tool Signature

Change History

0
Information is not available yet

Similar CVEs

192Records found
CVE-2016-10095
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 56.69%
||
7 Day CHG~0.00%
Published-01 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8683
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 43.20%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-libtiffdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8782
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-1.56% / 80.72%
||
7 Day CHG~0.00%
Published-01 Feb, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-libtiffdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8783
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-01 Feb, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-libtiffdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-8784
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-1.52% / 80.52%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-libtiffdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8781
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-2.09% / 83.32%
||
7 Day CHG~0.00%
Published-01 Feb, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-libtiffdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-7313
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.15%
||
7 Day CHG-0.01%
Published-17 Mar, 2017 | 14:00
Updated-27 Aug, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CVE-2015-1547
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.42% / 88.60%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-libtiffdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8127
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 60.59%
||
7 Day CHG~0.00%
Published-26 Jun, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

Action-Not Available
Vendor-n/aopenSUSELibTIFF
Product-opensuselibtiffn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2014-8128
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 71.06%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 02:15
Updated-06 Aug, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.

Action-Not Available
Vendor-n/aLibTIFFApple Inc.
Product-iphone_osmac_os_xlibtiffLibTIFF
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1056
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.04%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

Action-Not Available
Vendor-NetApp, Inc.LibTIFF
Product-libtiffactive_iq_unified_managerlibtiff
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-0865
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.64%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.

Action-Not Available
Vendor-NetApp, Inc.LibTIFFFedora ProjectDebian GNU/Linux
Product-libtiffdebian_linuxactive_iq_unified_managerfedoralibtiff
CWE ID-CWE-617
Reachable Assertion
CVE-2018-10801
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.04%
||
7 Day CHG~0.00%
Published-08 May, 2018 | 06:00
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2018-10126
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 53.83%
||
7 Day CHG-0.14%
Published-21 Apr, 2018 | 21:00
Updated-20 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-9404
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.96% / 75.57%
||
7 Day CHG~0.00%
Published-02 Jun, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.LibTIFF
Product-ubuntu_linuxdebian_linuxlibtiffn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-9403
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.96% / 75.57%
||
7 Day CHG~0.00%
Published-02 Jun, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.LibTIFF
Product-ubuntu_linuxdebian_linuxlibtiffn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-7594
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 62.33%
||
7 Day CHG~0.00%
Published-09 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2022-22844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 27.00%
||
7 Day CHG~0.00%
Published-08 Jan, 2022 | 00:00
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

Action-Not Available
Vendor-n/aNetApp, Inc.LibTIFFDebian GNU/Linux
Product-ontap_select_deploy_administration_utilitylibtiffdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-35522
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.50%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 19:16
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

Action-Not Available
Vendor-n/aNetApp, Inc.Red Hat, Inc.Fedora ProjectLibTIFF
Product-ontap_select_deploy_administration_utilitylibtifffedoraenterprise_linuxlibtiff
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-1622
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.94%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 00:00
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

Action-Not Available
Vendor-NetApp, Inc.Fedora ProjectLibTIFFApple Inc.
Product-iphone_oswatchostvosontap_select_deploy_administration_utilitylibtifffedoramacoslibtiff
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-1210
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.62%
||
7 Day CHG-0.02%
Published-03 Apr, 2022 | 00:00
Updated-15 Apr, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LibTIFF tiff2ps resource consumption

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-unspecifiedNetApp, Inc.LibTIFF
Product-ontap_select_deploy_administration_utilitylibtiffLibTIFF
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-0907
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.35%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

Action-Not Available
Vendor-NetApp, Inc.LibTIFFFedora ProjectDebian GNU/Linux
Product-ontap_select_deploy_administration_utilitylibtiffdebian_linuxfedoralibtiff
CWE ID-CWE-252
Unchecked Return Value
CVE-2022-0562
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.36%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.

Action-Not Available
Vendor-NetApp, Inc.LibTIFFFedora ProjectDebian GNU/Linux
Product-ontap_select_deploy_administration_utilitylibtiffdebian_linuxfedoralibtiff
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-0924
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.83%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.

Action-Not Available
Vendor-NetApp, Inc.LibTIFFFedora ProjectDebian GNU/Linux
Product-ontap_select_deploy_administration_utilitylibtiffdebian_linuxfedoralibtiff
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-0908
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.7||HIGH
EPSS-0.06% / 18.31%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

Action-Not Available
Vendor-NetApp, Inc.LibTIFFFedora ProjectDebian GNU/Linux
Product-ontap_select_deploy_administration_utilitylibtiffdebian_linuxfedoralibtiff
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-0561
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.56%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.

Action-Not Available
Vendor-NetApp, Inc.Red Hat, Inc.LibTIFFFedora ProjectDebian GNU/Linux
Product-debian_linuxontap_select_deploy_administration_utilitylibtifffedoraenterprise_linuxlibtiff
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-7663
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.57% / 80.80%
||
7 Day CHG~0.00%
Published-09 Feb, 2019 | 16:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

Action-Not Available
Vendor-n/aopenSUSELibTIFFDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxlibtiffdebian_linuxleapn/a
CVE-2015-8665
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 43.30%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-9147
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.35% / 88.48%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-5323
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.18%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.

Action-Not Available
Vendor-n/aopenSUSELibTIFF
Product-opensuselibtiffn/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-3623
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 80.87%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.

Action-Not Available
Vendor-n/aLibTIFFopenSUSE
Product-libtiffopensusen/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-9202
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.17%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.

Action-Not Available
Vendor-entropyminen/a
Product-imageworsenern/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-8535
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7endpoint_protectionsecurity_essentialswindows_server_2016exchange_serverwindows_8.1forefront_endpoint_protectionwindows_rt_8.1windows_10system_center_endpoint_protectionwindows_intune_endpoint_protectionMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-8539
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-19.18% / 95.12%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7windows_server_2012malware_protection_enginewindows_server_2016exchange_serverwindows_8.1windows_rt_8.1windows_10forefront_securityMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-8542
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-19.18% / 95.12%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7windows_server_2012malware_protection_enginewindows_server_2016exchange_serverwindows_8.1windows_rt_8.1windows_10forefront_securityMalware Protection
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-8842
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 40.39%
||
7 Day CHG~0.00%
Published-08 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.

Action-Not Available
Vendor-long_range_zip_projectn/a
Product-long_range_zipn/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-8536
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7endpoint_protectionsecurity_essentialswindows_server_2016exchange_serverwindows_8.1forefront_endpoint_protectionwindows_rt_8.1windows_10system_center_endpoint_protectionwindows_intune_endpoint_protectionMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-9239
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.63%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 10:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.

Action-Not Available
Vendor-n/aCanonical Ltd.Exiv2
Product-ubuntu_linuxexiv2n/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-9201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.17%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.

Action-Not Available
Vendor-entropyminen/a
Product-imageworsenern/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-7448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 51.40%
||
7 Day CHG~0.00%
Published-05 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.

Action-Not Available
Vendor-dropboxn/a
Product-leptonn/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-7962
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 49.67%
||
7 Day CHG~0.00%
Published-19 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

Action-Not Available
Vendor-entropyminen/a
Product-imageworsenern/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-5844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.76% / 72.28%
||
7 Day CHG~0.00%
Published-09 Feb, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.

Action-Not Available
Vendor-gstreamer_projectn/a
Product-gstreamern/a
CWE ID-CWE-369
Divide By Zero
CVE-2020-16299
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 63.91%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:08
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-369
Divide By Zero
CVE-2020-16310
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 63.91%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:10
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxArtifex Software Inc.
Product-ubuntu_linuxdebian_linuxghostscriptn/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-17054
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.02%
||
7 Day CHG~0.00%
Published-29 Nov, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.

Action-Not Available
Vendor-aubion/a
Product-aubion/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-17508
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.41%
||
7 Day CHG~0.00%
Published-11 Dec, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5n/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-16942
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.41%
||
7 Day CHG~0.00%
Published-25 Nov, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.

Action-Not Available
Vendor-libsndfile_projectn/a
Product-libsndfilen/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-15266
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.36% / 57.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.

Action-Not Available
Vendor-n/aGNU
Product-libextractorn/a
CWE ID-CWE-369
Divide By Zero
CVE-2021-46244
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.42%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 20:32
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5n/a
CWE ID-CWE-369
Divide By Zero
CVE-2021-44917
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.08%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 19:57
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.

Action-Not Available
Vendor-gnuplotn/a
Product-gnuplotn/a
CWE ID-CWE-369
Divide By Zero
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found