Published: 12/03/2018 Updated: 13/02/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

LibTIFF 4.0.3 allows remote malicious users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libtiff libtiff 4.0.3
debian debian linux 7.0
redhat enterprise linux server aus 7.2
redhat enterprise linux server tus 7.2
redhat enterprise linux server 7.0
redhat enterprise linux server eus 7.2
redhat enterprise linux server 6.0
redhat enterprise linux server tus 7.3
redhat enterprise linux server aus 7.3
redhat enterprise linux server aus 7.4
redhat enterprise linux server eus 7.3
redhat enterprise linux server eus 7.4
apple mac os x 10.10.0
apple mac os x 10.10.1
apple mac os x 10.9.5
apple mac os x 10.10.3
apple mac os x 10.10.2
apple mac os x 10.8.5
apple iphone os -

Debian Bug report logs - #776185 tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Jan 2015 06:51:02 UTC Severity: important Tags: security, upstream Found in ver ...

USN-2553-1 introduced a regression in LibTIFF ...

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...

William Robinet and Michal Zalewski discovered multiple vulnerabilities in the TIFF library and its tools, which may result in denial of service or the execution of arbitrary code if a malformed TIFF file is processed For the oldstable distribution (wheezy), these problems have been fixed in version 402-6+deb7u4 For the stable distribution (jes ...

Multiple flaws have been discovered in libtiff A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, ...

CWE-787 https://bugzilla.redhat.com/show_bug.cgi?id=1185815 http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt http://support.apple.com/kb/HT204942 http://support.apple.com/kb/HT204941 http://openwall.com/lists/oss-security/2015/01/24/15 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://bugzilla.maptools.org/show_bug.cgi?id=2488 http://bugzilla.maptools.org/show_bug.cgi?id=2487 https://www.debian.org/security/2015/dsa-3273 https://security.gentoo.org/glsa/201701-16 http://www.securitytracker.com/id/1032760 http://www.securityfocus.com/bid/72352 http://rhn.redhat.com/errata/RHSA-2016-1547.html http://rhn.redhat.com/errata/RHSA-2016-1546.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776185 https://nvd.nist.gov https://usn.ubuntu.com/2553-2/

CVE-2014-8129

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect