Published: 13/04/2016 Updated: 05/01/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote malicious users to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 7.0
debian debian linux 8.0
remotesensing libtiff

Debian Bug report logs - #776185 tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Jan 2015 06:51:02 UTC Severity: important Tags: security, upstream Found in ver ...

Debian Bug report logs - #777390 tiff: CVE-2015-1547 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 7 Feb 2015 22:27:06 UTC Severity: important Tags: security, upstream Found in version tiff/403-12 Fixed in ...

USN-2553-1 introduced a regression in LibTIFF ...

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...

William Robinet and Michal Zalewski discovered multiple vulnerabilities in the TIFF library and its tools, which may result in denial of service or the execution of arbitrary code if a malformed TIFF file is processed For the oldstable distribution (wheezy), these problems have been fixed in version 402-6+deb7u4 For the stable distribution (jes ...

The (1) putcontig8bitYCbCr21tile function in tif_getimagec or (2) NeXTDecode function in tif_nextc in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1tif and libtiff-cvs-2tif ...

Use of uninitialized memory was reported in in libtiff ...

Multiple flaws have been discovered in libtiff A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, ...

CWE-119 http://openwall.com/lists/oss-security/2015/02/07/5 http://www.debian.org/security/2016/dsa-3467 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html https://security.gentoo.org/glsa/201701-16 http://www.debian.org/security/2015/dsa-3273 http://rhn.redhat.com/errata/RHSA-2016-1547.html http://rhn.redhat.com/errata/RHSA-2016-1546.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776185 https://usn.ubuntu.com/2553-2/

CVE-2014-9655

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect