Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0804

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Oct, 2004 | 04:00
Updated At-08 Aug, 2024 | 00:31
Rejected At-
Credits

Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Oct, 2004 | 04:00
Updated At:08 Aug, 2024 | 00:31
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2004-577.html
vendor-advisory
x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
vendor-advisory
x_refsource_MANDRAKE
http://www.redhat.com/support/errata/RHSA-2005-021.html
vendor-advisory
x_refsource_REDHAT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
vendor-advisory
x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
vdb-entry
signature
x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
vdb-entry
signature
x_refsource_OVAL
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
vendor-advisory
x_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
vendor-advisory
x_refsource_SUSE
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
vendor-advisory
x_refsource_CONECTIVA
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
vendor-advisory
x_refsource_MANDRAKE
http://www.kde.org/info/security/advisory-20041209-2.txt
x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/555304
third-party-advisory
x_refsource_CERT-VN
http://www.redhat.com/support/errata/RHSA-2005-354.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2004/dsa-567
vendor-advisory
x_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
vdb-entry
x_refsource_XF
http://bugzilla.remotesensing.org/show_bug.cgi?id=111
x_refsource_MISC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-577.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-021.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.kde.org/info/security/advisory-20041209-2.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.kb.cert.org/vuls/id/555304
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-354.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2004/dsa-567
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://bugzilla.remotesensing.org/show_bug.cgi?id=111
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2004-577.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-021.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.kde.org/info/security/advisory-20041209-2.txt
x_refsource_CONFIRM
x_transferred
http://www.kb.cert.org/vuls/id/555304
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-354.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2004/dsa-567
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
vdb-entry
x_refsource_XF
x_transferred
http://bugzilla.remotesensing.org/show_bug.cgi?id=111
x_refsource_MISC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-577.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-021.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.kde.org/info/security/advisory-20041209-2.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/555304
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-354.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-567
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://bugzilla.remotesensing.org/show_bug.cgi?id=111
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Nov, 2004 | 05:00
Updated At:03 Apr, 2025 | 01:03

Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
LibTIFF
libtiff
>>libtiff>>Versions before 3.7.0(exclusive)
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-369Primarynvd@nist.gov
CWE ID: CWE-369
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugzilla.remotesensing.org/show_bug.cgi?id=111cve@mitre.org
Issue Tracking
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888cve@mitre.org
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1cve@mitre.org
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1cve@mitre.org
Broken Link
http://www.debian.org/security/2004/dsa-567cve@mitre.org
Vendor Advisory
http://www.kb.cert.org/vuls/id/555304cve@mitre.org
Third Party Advisory
US Government Resource
http://www.kde.org/info/security/advisory-20041209-2.txtcve@mitre.org
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109cve@mitre.org
Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052cve@mitre.org
Broken Link
http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlcve@mitre.org
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-577.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-021.htmlcve@mitre.org
Not Applicable
http://www.redhat.com/support/errata/RHSA-2005-354.htmlcve@mitre.org
Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755cve@mitre.org
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115cve@mitre.org
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711cve@mitre.org
Tool Signature
http://bugzilla.remotesensing.org/show_bug.cgi?id=111af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.debian.org/security/2004/dsa-567af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.kb.cert.org/vuls/id/555304af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.kde.org/info/security/advisory-20041209-2.txtaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-577.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-021.htmlaf854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.redhat.com/support/errata/RHSA-2005-354.htmlaf854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115af854a3a-2127-422b-91ae-364da2661108
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711af854a3a-2127-422b-91ae-364da2661108
Tool Signature
Hyperlink: http://bugzilla.remotesensing.org/show_bug.cgi?id=111
Source: cve@mitre.org
Resource:
Issue Tracking
Hyperlink: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2004/dsa-567
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/555304
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.kde.org/info/security/advisory-20041209-2.txt
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-577.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-021.html
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-354.html
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
Source: cve@mitre.org
Resource:
Tool Signature
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
Source: cve@mitre.org
Resource:
Tool Signature
Hyperlink: http://bugzilla.remotesensing.org/show_bug.cgi?id=111
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2004/dsa-567
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/555304
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.kde.org/info/security/advisory-20041209-2.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-577.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-354.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Tool Signature
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Tool Signature

Change History

0
Information is not available yet

Similar CVEs

192Records found
CVE-2018-10779
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.90%
||
7 Day CHG~0.00%
Published-07 May, 2018 | 07:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.

Action-Not Available
Vendor-n/aLibTIFFCanonical Ltd.
Product-ubuntu_linuxlibtiffn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-10126
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.92%
||
7 Day CHG-0.16%
Published-21 Apr, 2018 | 21:00
Updated-20 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-9815
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.87%
||
7 Day CHG~0.00%
Published-22 Jun, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.

Action-Not Available
Vendor-n/aLibTIFFCanonical Ltd.
Product-ubuntu_linuxlibtiffn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-9937
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 67.08%
||
7 Day CHG-0.33%
Published-26 Jun, 2017 | 12:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-9404
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.96% / 76.10%
||
7 Day CHG~0.00%
Published-02 Jun, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.LibTIFF
Product-ubuntu_linuxdebian_linuxlibtiffn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-9147
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.35% / 88.68%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7594
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 62.74%
||
7 Day CHG~0.00%
Published-09 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2018-10963
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 57.35%
||
7 Day CHG~0.00%
Published-10 May, 2018 | 02:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxlibtiffdebian_linuxn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-9936
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.04% / 90.52%
||
7 Day CHG~0.00%
Published-26 Jun, 2017 | 12:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.LibTIFF
Product-ubuntu_linuxdebian_linuxlibtiffn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-18013
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.65%
||
7 Day CHG~0.00%
Published-01 Jan, 2018 | 08:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-7663
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 71.49%
||
7 Day CHG~0.00%
Published-09 Feb, 2019 | 16:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.

Action-Not Available
Vendor-n/aopenSUSELibTIFFDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxlibtiffdebian_linuxleapn/a
CVE-2016-5319
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 65.67%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5102
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 65.36%
||
7 Day CHG~0.00%
Published-06 Feb, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5315
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 61.20%
||
7 Day CHG~0.00%
Published-07 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-debian_linuxlibtiffn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-5321
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.65%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.

Action-Not Available
Vendor-n/aopenSUSELibTIFF
Product-opensuselibtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5318
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.88% / 74.91%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4665
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.31% / 84.43%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CVE-2015-7313
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.04%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 14:00
Updated-27 Aug, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CVE-2010-2631
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.37% / 89.87%
||
7 Day CHG~0.00%
Published-06 Jul, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2630
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.94% / 88.06%
||
7 Day CHG~0.00%
Published-06 Jul, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2481
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.61% / 81.41%
||
7 Day CHG~0.00%
Published-06 Jul, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2595
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.63% / 81.58%
||
7 Day CHG~0.00%
Published-01 Jul, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-14973
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.97% / 76.16%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 05:15
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.

Action-Not Available
Vendor-n/aopenSUSELibTIFFFedora ProjectDebian GNU/Linux
Product-libtiffdebian_linuxfedoraleapn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-2596
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.00% / 76.59%
||
7 Day CHG~0.00%
Published-01 Jul, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2482
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-18.83% / 95.13%
||
7 Day CHG~0.00%
Published-06 Jul, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CVE-2010-2483
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.27% / 79.15%
||
7 Day CHG~0.00%
Published-06 Jul, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7456
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 71.29%
||
7 Day CHG+0.03%
Published-24 Feb, 2018 | 06:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxlibtiffdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-5784
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.53%
||
7 Day CHG~0.00%
Published-19 Jan, 2018 | 08:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxlibtiffdebian_linuxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-35521
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.43%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 19:16
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.

Action-Not Available
Vendor-n/aNetApp, Inc.Red Hat, Inc.Fedora ProjectLibTIFF
Product-ontap_select_deploy_administration_utilitylibtiffenterprise_linuxfedoralibtiff
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3623
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 81.27%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.

Action-Not Available
Vendor-n/aLibTIFFopenSUSE
Product-libtiffopensusen/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-5323
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.72%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.

Action-Not Available
Vendor-n/aopenSUSELibTIFF
Product-opensuselibtiffn/a
CWE ID-CWE-369
Divide By Zero
CVE-2018-20544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.98% / 76.37%
||
7 Day CHG~0.00%
Published-28 Dec, 2018 | 03:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.

Action-Not Available
Vendor-libcaca_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxlibcacan/a
CWE ID-CWE-369
Divide By Zero
CVE-2018-20845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 69.21%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 17:07
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-369
Divide By Zero
CVE-2018-19872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 49.08%
||
7 Day CHG-0.01%
Published-15 Mar, 2019 | 22:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

Action-Not Available
Vendor-qtn/aopenSUSEFedora Project
Product-qtfedoraleapn/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-14249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 69.12%
||
7 Day CHG~0.00%
Published-11 Sep, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-14634
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.15% / 78.17%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.

Action-Not Available
Vendor-libsndfile_projectn/aDebian GNU/Linux
Product-debian_linuxlibsndfilen/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-10506
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.29% / 88.61%
||
7 Day CHG+1.09%
Published-30 Aug, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-10219
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.98% / 76.33%
||
7 Day CHG~0.00%
Published-03 Apr, 2017 | 05:44
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-ghostscriptn/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-11332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.54% / 88.92%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.

Action-Not Available
Vendor-n/aSoX - Sound eXchangeDebian GNU/Linux
Product-debian_linuxsound_exchangen/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-11546
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 43.14%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.

Action-Not Available
Vendor-timidity\+\+_projectn/a
Product-timidity\+\+n/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-8697
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.02%
||
7 Day CHG~0.00%
Published-31 Jan, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image.

Action-Not Available
Vendor-potrace_projectn/a
Product-potracen/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-8691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 64.04%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

Action-Not Available
Vendor-n/aDebian GNU/LinuxJasPerFedora Project
Product-fedoradebian_linuxjaspern/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-6505
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-2.28% / 84.35%
||
7 Day CHG~0.00%
Published-06 Aug, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-4797
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.52% / 66.15%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.

Action-Not Available
Vendor-uclouvainn/aFedora Project
Product-fedoraopenjpegn/a
CWE ID-CWE-369
Divide By Zero
CVE-2018-17434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.34%
||
7 Day CHG~0.00%
Published-24 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5n/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-9265
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.26%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.

Action-Not Available
Vendor-libmingn/a
Product-libmingn/a
CWE ID-CWE-369
Divide By Zero
CVE-2018-18195
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.41%
||
7 Day CHG~0.00%
Published-09 Oct, 2018 | 20:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.

Action-Not Available
Vendor-linuxsamplern/a
Product-libgign/a
CWE ID-CWE-369
Divide By Zero
CVE-2021-28856
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 41.70%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 16:11
Updated-26 Jan, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.

Action-Not Available
Vendor-entropyminen/a
Product-dearkn/a
CWE ID-CWE-369
Divide By Zero
CVE-2021-27550
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.38%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 14:35
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.

Action-Not Available
Vendor-polarisofficen/a
Product-polaris_officen/a
CWE ID-CWE-369
Divide By Zero
CVE-2019-10025
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.40%
||
7 Day CHG~0.00%
Published-24 Mar, 2019 | 23:12
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.

Action-Not Available
Vendor-xpdfreadern/a
Product-xpdfn/a
CWE ID-CWE-369
Divide By Zero
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found