Search CVE reports
1 – 9 of 9 results
CVE-2024-7006
Medium prioritySome fixes available 6 of 20
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults,...
5 affected packages
gdal, neuron, qtwebengine-opensource-src, texmaker, tiff
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gdal | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| neuron | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | — |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tiff | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2024-6716
Low priorityRejected reason: Invalid security issue.
5 affected packages
gdal, neuron, qtwebengine-opensource-src, texmaker, tiff
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gdal | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| neuron | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | — |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tiff | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2023-52356
Medium prioritySome fixes available 7 of 20
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
4 affected packages
gdal, qtwebengine-opensource-src, texmaker, tiff
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gdal | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tiff | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2023-52355
Negligible priorityAn out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a...
5 affected packages
gdal, neuron, qtwebengine-opensource-src, texmaker, tiff
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gdal | — | Not affected | Not affected | Not affected | Ignored |
| neuron | — | Ignored | Ignored | Ignored | Not in release |
| qtwebengine-opensource-src | — | Ignored | Ignored | Ignored | Not in release |
| texmaker | — | Ignored | Ignored | Ignored | Ignored |
| tiff | — | Ignored | Ignored | Ignored | Ignored |
CVE-2021-45943
Medium priorityGDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
1 affected packages
gdal
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gdal | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-25050
Medium prioritynetCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
1 affected packages
gdal
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gdal | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
CVE-2019-17546
Medium prioritySome fixes available 5 of 53
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param"...
17 affected packages
blender, chromium-browser, gdal, insighttoolkit4, ivtools...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| blender | Not affected | Not affected | Not affected | Not affected | Not affected |
| chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
| gdal | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Not affected |
| ivtools | Not affected | Not affected | Not affected | Not affected | Not affected |
| libtk-img | Not affected | Not affected | Not affected | Not affected | Not affected |
| neuron | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
| povray | Not affected | Not affected | Not affected | Not affected | Not affected |
| qt4-x11 | Not in release | Not in release | Not in release | Not affected | Not affected |
| qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| sfftobmp | Not affected | Not affected | Not affected | Not affected | Not affected |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not affected |
| tiff | Not affected | Not affected | Not affected | Fixed | Fixed |
| xloadimage | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-17545
Medium prioritySome fixes available 1 of 5
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
1 affected packages
gdal
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gdal | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2019-7663
Medium prioritySome fixes available 4 of 49
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this...
9 affected packages
chromium, gdal, openjpeg2, qt4-x11, qtimageformats-opensource-src...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium | Not in release | Not in release | Not in release | Not in release | Not in release |
| gdal | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| qt4-x11 | Not in release | Not in release | Not in release | Not affected | Not affected |
| qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tiff | Not affected | Not affected | Not affected | Fixed | Fixed |
| tiff3 | Not in release | Not in release | Not in release | Not in release | Not in release |