CVE-2014-8127: Out-of-bounds Read in Tiff

CWE-125: Out-of-bounds Read | 15 documents | 8 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.5% (top 32.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 26 | Latest update May 14

Description

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectory

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (5 packages)

NVD: libtiff/libtiff 4.0.3
debian: debian/tiff < tiff 4.0.6-3 (bookworm)
Apple: apple/ios 8.4
NVD: opensuse/opensuse 13.1, 13.2 +1

🔴 Vulnerability Details (4)

GHSA: GHSA-5fvh-vxjv-m955: LibTIFF 4 (2022-05-14)
OSV: CVE-2014-8127: LibTIFF 4 (2017-06-26)
OSV: tiff regression (2015-04-01)
OSV: tiff vulnerabilities (2015-03-31)

📋 Vendor Advisories (7)

Red Hat: libtiff: out-of-bounds read in the TIFFWriteDirectoryTagLongLong8Array function (2016-04-08)
Ubuntu: LibTIFF regression (2015-04-01)
Ubuntu: LibTIFF vulnerabilities (2015-03-31)
Red Hat: libtiff: out-of-bounds read with malformed TIFF image in multiple tools (2014-12-07)
Debian: CVE-2014-8127: tiff - LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bound... (2014)

💬 Community (3)

Bugzilla: CVE-2016-3658 libtiff: out-of-bounds read in the TIFFWriteDirectoryTagLongLong8Array function (2016-04-12)
Bugzilla: CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools (2015-01-26)
Bugzilla: CVE-2014-8130 libtiff: divide by zero in the tiffdither tool (2015-01-26)