Wangdw.Augustus@Gmail.Com

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds read in the `tiffcrop` utility of the LibTIFF library, specifically in the `tools/tiffcrop.c` file at line 3592. This can lead to a denial-of-service when a crafted tiff file is processed. **Recommendations** For version 4.4.0, users who compile libtiff from sources can apply the fix available with commit afaabc3e to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.4.0 **Description** The issue is related to an out-of-bounds read in the tiffcrop utility of the libtiff library, which can be exploited to cause a denial-of-service via a crafted tiff file. **Recommendations** For version 4.4.0, users who compile libtiff from sources can apply the fix available with commit afaabc3e.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds read in the `tiffcrop` function in `tools/tiffcrop.c` at line 3400, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. The `extractContigSamplesShifted8bits()` function is also associated with this buffer read issue, potentially leading to a denial-of-service. **Recommendations** For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit afaabc3e.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds read in the `tiffcrop` function, specifically in `libtiff/tif unix.c:368`, which can be invoked by `tools/tiffcrop.c:2903` and `tools/tiffcrop.c:6921`. This allows attackers to cause a denial-of-service via a crafted tiff file. The problem is associated with a buffer read beyond its boundaries in memory, potentially leading to a service disruption. **Recommendations** For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit `afaabc3e`. As a temporary workaround, consider restricting the use of the `tiffcrop` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds write in the `tiffcrop` utility, located in `tools/tiffcrop.c:3724`, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. **Recommendations** For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 33aee127.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds write in the `tiffcrop` utility, located in `tools/tiffcrop.c:3609`, which can be exploited to cause a denial-of-service via a crafted tiff file. This can allow attackers to disrupt service. **Recommendations** For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 33aee127.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds write in the `tiffcrop` utility, located in `tools/tiffcrop.c:3516`, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. **Recommendations** For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 33aee127.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.4.0 **Description** The issue is related to an out-of-bounds write in the tiffcrop utility of the libtiff library, specifically in tools/tiffcrop.c:3502. This can be exploited to cause a denial-of-service via a crafted tiff file. **Recommendations** For version 4.4.0, the fix is available with commit 33aee127 for users that compile libtiff from sources.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.4.0 **Description** The issue is related to an out-of-bounds write in the tiffcrop utility of the libtiff library, specifically in the files libtiff/tif unix.c:368, tools/tiffcrop.c:2903, and tools/tiffcrop.c:6778. This can be exploited by attackers to cause a denial-of-service via a crafted tiff file. **Recommendations** For version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 33aee127. As a temporary workaround, consider restricting the use of the tiffcrop utility until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds read in the tiffcrop utility, located in tools/tiffcrop.c:3701, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This is also related to the use of memory after it has been freed. **Recommendations** For LibTIFF version 4.4.0, the fix is available with commit afaabc3e for users that compile libtiff from sources.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds read in the `tiffcp` utility, located in `tools/tiffcp.c:948`, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This can lead to a disruption in service. **Recommendations** For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit e8131125 to resolve the issue. As a temporary workaround, consider restricting the use of the `tiffcp` utility until the fix is applied.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds write in the `extractContigSamplesShifted24bits` function, allowing attackers to cause a denial-of-service via a crafted tiff file. This can be exploited by a remote attacker to disrupt service. **Recommendations** For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit cfbb883b. As a temporary workaround, consider disabling the `extractContigSamplesShifted24bits` function in tools/tiffcrop.c until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds write in the ` TIFFmemcpy` function in `libtiff/tif unix.c:346` when called from `extractImageSection` in `tools/tiffcrop.c:6826`, allowing attackers to cause a denial-of-service via a crafted tiff file. This can be exploited by a remote attacker to disrupt service. **Recommendations** For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 236b7191.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds read in the `writeSingleSection` function of the LibTIFF library, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. **Recommendations** For version 4.4.0, users who compile libtiff from sources can apply the fix available with commit e8131125.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds write in the ` TIFFmemset` function, allowing attackers to cause a denial-of-service via a crafted tiff file. This can be triggered when the ` TIFFmemset` function is called from `processCropSelections` in `tools/tiffcrop.c:7619`. The vulnerability is associated with a memory buffer overflow. **Recommendations** For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 236b7191. As a temporary workaround, consider restricting the use of crafted tiff files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.4.0 **Description** The issue is related to an out-of-bounds read in the `extractImageSection` function in `tools/tiffcrop.c:6905`, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This can allow a remote attacker to cause a service disruption using a specially formed file. **Recommendations** For LibTIFF version 4.4.0, users who compile libtiff from sources can apply the fix available with commit 48d6ece8. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.4.0 **Description** The issue is related to a Divide By Zero error in the tiffcrop function of libtiff, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This can be achieved by a remote attacker. **Recommendations** For libtiff version 4.4.0, users who compile libtiff from sources can apply the fix available with commit f3a5e010.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.4.0 **Description** The issue is related to a Divide By Zero error in the tiffcrop function of libtiff, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This can be achieved by a remote attacker using a specially designed tiff file. **Recommendations** For version 4.4.0, users who compile libtiff from sources can apply the fix available with commit f3a5e010. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.4.0 **Description** The issue is related to a Divide By Zero error in the `tiffcrop` function of the LibTIFF library. This error can be exploited by a remote attacker to cause a denial-of-service using a specially crafted tiff file. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For libtiff version 4.4.0, users who compile libtiff from sources can apply the fix available with commit f3a5e010. As a temporary workaround, consider restricting the use of the `tiffcrop` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibTIFF master branch **Description** The issue is related to an out-of-bounds read in the `LZWDecode` function in `libtiff/tif lzw.c:624`, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This can be done remotely. **Recommendations** For users that compile libtiff from sources, the fix is available with commit b4e79bfa. As a temporary workaround, consider disabling the `LZWDecode` function until a patch is available. Restrict access to the `libtiff/tif lzw.c` module to minimize the risk of exploitation. Avoid using crafted tiff files in the affected `LZWDecode` function until the issue is resolved.