Published: 26/06/2017 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

LibTIFF 4.0.3 allows remote malicious users to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff 4.0.3
opensuse opensuse 13.1
opensuse opensuse 13.2

Debian Bug report logs - #776185 tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Jan 2015 06:51:02 UTC Severity: important Tags: security, upstream Found in ver ...

USN-2553-1 introduced a regression in LibTIFF ...

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...

William Robinet and Michal Zalewski discovered multiple vulnerabilities in the TIFF library and its tools, which may result in denial of service or the execution of arbitrary code if a malformed TIFF file is processed For the oldstable distribution (wheezy), these problems have been fixed in version 402-6+deb7u4 For the stable distribution (jes ...

Multiple flaws have been discovered in libtiff A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, ...

LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data It is composed of a library for working with TIFF files along with a small collection of tools for doing simple manipulations of TIFF images Multiple out-of-bounds reads can be triggered with malformed TIFF images in the following LibTIFF to ...

CWE-125 http://www.openwall.com/lists/oss-security/2015/01/24/15 http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html http://bugzilla.maptools.org/show_bug.cgi?id=2500 http://bugzilla.maptools.org/show_bug.cgi?id=2497 http://bugzilla.maptools.org/show_bug.cgi?id=2496 http://bugzilla.maptools.org/show_bug.cgi?id=2486 http://bugzilla.maptools.org/show_bug.cgi?id=2485 http://bugzilla.maptools.org/show_bug.cgi?id=2484 http://www.securityfocus.com/bid/72323 https://security.gentoo.org/glsa/201701-16 http://www.securitytracker.com/id/1032760 http://www.debian.org/security/2015/dsa-3273 http://rhn.redhat.com/errata/RHSA-2016-1547.html http://rhn.redhat.com/errata/RHSA-2016-1546.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776185 https://nvd.nist.gov https://usn.ubuntu.com/2553-2/

CVE-2014-8127

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect