Libtiff: >> Libtiff >> 4.0.9 Security Vulnerabilities
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-01-01
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-12-28
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
CVSS Score
8.8
EPSS Score
0.04
Published
2017-12-02
Page 8