CVE-2014-8127: LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString…

CVE-2016-3658 [MEDIUM] CWE-125 libtiff: out-of-bounds read in the TIFFWriteDirectoryTagLongLong8Array function libtiff: out-of-bounds read in the TIFFWriteDirectoryTagLongLong8Array function The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. Statement: This flaw was found to be a duplicate of CVE-2014-8127. Please see https://access.redhat.com/security/cve/CVE-2014-8127 for information about affected products and security errata. Package: libtiff (Red Hat Enterprise Linux 5) - Not affected Package: libtiff (Red Hat Enterprise Linux 6) - Not affected Package: compat-libtiff3 (Red Hat Enterprise Linux 7) - Not affected Package: libtiff (Red Hat Enterprise Linux 7) - Not affected

[MEDIUM] LibTIFF regression Title: LibTIFF regression Summary: USN-2553-1 introduced a regression in LibTIFF. USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for the inconvenience. Original advisory details: William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF i

CVE-2014-8127 [MEDIUM] LibTIFF vulnerabilities Title: LibTIFF vulnerabilities Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. (CVE-2014-9330) Michal Zalewsk

CVE-2014-8127 [MEDIUM] CWE-125 libtiff: out-of-bounds read with malformed TIFF image in multiple tools libtiff: out-of-bounds read with malformed TIFF image in multiple tools LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. Statement: Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libtiff. Package: libtiff (Red

CVE-2014-8127 [MEDIUM] CVE-2014-8127: tiff - LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bound... LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. Scope: local bookworm: resolved (fixed in 4.0.6-3) bullseye: resolved (fixed in 4.0.6-3) forky: resolved (fixed in 4.0.6-3) sid: resolved (fixed in 4.0.6-3) trixie: resolved (fixed in 4.0.6-3)

CVE-2014-8127 [MEDIUM] CVE-2014-8127: OS X Yosemite v10.10.4 and Security Update 2015-005 Apple Security Update: About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 Product: OS X Yosemite v10.10.4 and Security Update 2015-005 CVE: CVE-2014-8127 Component: CVE-2014-8127

CVE-2014-8127 [MEDIUM] CVE-2014-8127: iOS 8.4 Apple Security Update: About the security content of iOS 8.4 Product: iOS Version: 8.4 CVE: CVE-2014-8127 Component: CVE-2014-8127

CVE-2014-8127 [MEDIUM] CWE-125 GHSA-5fvh-vxjv-m955: LibTIFF 4 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

CVE-2014-8127 [MEDIUM] CVE-2014-8127: LibTIFF 4 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

[MEDIUM] tiff regression tiff regression USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for the inconvenience. Original advisory details: William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or autom

CVE-2014-8127 [MEDIUM] tiff vulnerabilities tiff vulnerabilities William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. (CVE-2014-9330) Michal Zalewski discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into

CVE-2016-3658 [MEDIUM] CVE-2016-3658 libtiff: out-of-bounds read in the TIFFWriteDirectoryTagLongLong8Array function CVE-2016-3658 libtiff: out-of-bounds read in the TIFFWriteDirectoryTagLongLong8Array function A vulnerability was found in the libtiff library. Using a tiffset command on a maliciously crafted image could result in a denial-of-service. Vulnerable code: /libtiff/tif_dirwrite.c: 1625 1623 for (q=p, ma=value, mb=0; mb0xFFFFFFFF) 1626 { 1627 TIFFErrorExt(tif->tif_clientdata,module, 1628 "Attempt to write value larger than 0xFFFFFFFF in Classic TIFF file."); 1629 _TIFFfree(p); 1630 return(0); 1631 } 1632 *q= (uint32)(*ma); 1633 } References: http://www.openwall.com/lists/oss-security/2016/04/08/12 Discussion: External References: http://bugzilla.maptools.org/show_bug.cgi?id=2546 --- *** This bug has been marked as a duplicate of bug 1185805 *** --- Statement: This flaw was found to

CVE-2014-8127 [MEDIUM] CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools Multiple out-of-bounds reads were reported in various libtiff tools: http://bugzilla.maptools.org/show_bug.cgi?id=2500 http://bugzilla.maptools.org/show_bug.cgi?id=2497 http://bugzilla.maptools.org/show_bug.cgi?id=2496 http://bugzilla.maptools.org/show_bug.cgi?id=2485 http://bugzilla.maptools.org/show_bug.cgi?id=2486 http://bugzilla.maptools.org/show_bug.cgi?id=2484 Above upstream bugs were fixed by the below commits: 2014-12-21 Even Rouault * tools/pal2rgb.c, tools/thumbnail.c: fix crash by disabling TIFFTAG_INKNAMES copying. The right fix would be to properly copy it, but not worth the burden for those esoteric utilities. http://bugzilla.maptools.org/show_bug.cgi?id=2484 (CVE-2014-8127) 2014-12-21

CVE-2014-8130 [MEDIUM] CVE-2014-8130 libtiff: divide by zero in the tiffdither tool CVE-2014-8130 libtiff: divide by zero in the tiffdither tool Divide by zero was reported in the libtiff tiffdither tool: - CVE-2014-8130 libtiff: Divide By Zero in the tiffdither tool http://bugzilla.maptools.org/show_bug.cgi?id=2483 The above upstream bug was fixed by one of the commits that fix CVE-2014-8127 / CVE-2014-8128 / CVE-2014-8129 Discussion: Patch https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543 libtiff/tif_unix.c @@ -257,6 +257,9 @@ TIFFOpenW(const wchar_t* name, const char* mode) void* _TIFFmalloc(tmsize_t s) { + if (s == 0) + return ((void *) NULL); + return (malloc((size_t) s)); } above patch seems to suppresses this flaw --- Statement: Red Hat Product Security has rated this issue as having low security impact, a future update may