CVE-2014-9655
published 2016-04-13CVE-2014-9655: The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of…
PriorityP427medium6.5CVSS 3.0
AVNACLPRNUIRSUCNINAH
EPSS
2.53%
83.0th percentile
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tiff | < tiff 4.0.3-12.1 (bookworm) | tiff 4.0.3-12.1 (bookworm) |
| remotesensing | libtiff | <= 4.0.6 | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv6.5MEDIUM
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
vendor_ubuntu6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
LibTIFF regression
vendor_ubuntu·2015-04-01·CVSS 6.5
[MEDIUM] LibTIFF regression
Title: LibTIFF regression
Summary: USN-2553-1 introduced a regression in LibTIFF.
USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes
caused a regression when saving certain TIFF files with a Predictor tag.
The problematic patch has been temporarily backed out until a more complete
fix is available.
We apologize for the inconvenience.
Original advisory details:
William Robinet discovered that LibTIFF incorrectly handled certain
malformed images. If a user or automated system were tricked into opening a
specially crafted image, a remote attacker could crash the application,
leading to a denial of service, or possibly execute arbitrary code with
user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129,
CVE-2014-8130)
Paris Zoumpouloglou discovered that LibTIFF i
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2015-03-31·CVSS 6.5
CVE-2014-8127 [MEDIUM] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.
William Robinet discovered that LibTIFF incorrectly handled certain
malformed images. If a user or automated system were tricked into opening a
specially crafted image, a remote attacker could crash the application,
leading to a denial of service, or possibly execute arbitrary code with
user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129,
CVE-2014-8130)
Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain
malformed BMP images. If a user or automated system were tricked into
opening a specially crafted BMP image, a remote attacker could crash the
application, leading to a denial of service. (CVE-2014-9330)
Michal Zalewsk
Red Hat
libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
vendor_redhat·2014-12-29·CVSS 6.5
CVE-2014-9655 [MEDIUM] libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
Statement: This issue affects the version of libtiff package as shipped with Red Hat Enterprise Linux 5, 6 and 7. A further update may address this flaw in Red Hat Enterprise Linux 6 and 7.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.
Package: libtiff (Red Hat En
Debian
CVE-2014-9655: tiff - The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode fu...
vendor_debian·2014·CVSS 6.5
CVE-2014-9655 [MEDIUM] CVE-2014-9655: tiff - The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode fu...
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
Scope: local
bookworm: resolved (fixed in 4.0.3-12.1)
bullseye: resolved (fixed in 4.0.3-12.1)
forky: resolved (fixed in 4.0.3-12.1)
sid: resolved (fixed in 4.0.3-12.1)
trixie: resolved (fixed in 4.0.3-12.1)
GHSA
GHSA-f3j8-4rx7-pc28: The (1) putcontig8bitYCbCr21tile function in tif_getimage
ghsa_unreviewed·2022-05-14
CVE-2014-9655 [MEDIUM] CWE-119 GHSA-f3j8-4rx7-pc28: The (1) putcontig8bitYCbCr21tile function in tif_getimage
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
OSV
CVE-2014-9655: The (1) putcontig8bitYCbCr21tile function in tif_getimage
osv·2016-04-13·CVSS 6.5
CVE-2014-9655 [MEDIUM] CVE-2014-9655: The (1) putcontig8bitYCbCr21tile function in tif_getimage
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
OSV
tiff regression
osv·2015-04-01·CVSS 6.5
[MEDIUM] tiff regression
tiff regression
USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes
caused a regression when saving certain TIFF files with a Predictor tag.
The problematic patch has been temporarily backed out until a more complete
fix is available.
We apologize for the inconvenience.
Original advisory details:
William Robinet discovered that LibTIFF incorrectly handled certain
malformed images. If a user or automated system were tricked into opening a
specially crafted image, a remote attacker could crash the application,
leading to a denial of service, or possibly execute arbitrary code with
user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129,
CVE-2014-8130)
Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain
malformed BMP images. If a user or autom
OSV
tiff vulnerabilities
osv·2015-03-31·CVSS 6.5
CVE-2014-8127 [MEDIUM] tiff vulnerabilities
tiff vulnerabilities
William Robinet discovered that LibTIFF incorrectly handled certain
malformed images. If a user or automated system were tricked into opening a
specially crafted image, a remote attacker could crash the application,
leading to a denial of service, or possibly execute arbitrary code with
user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129,
CVE-2014-8130)
Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain
malformed BMP images. If a user or automated system were tricked into
opening a specially crafted BMP image, a remote attacker could crash the
application, leading to a denial of service. (CVE-2014-9330)
Michal Zalewski discovered that LibTIFF incorrectly handled certain
malformed images. If a user or automated system were tricked into
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-1547 CVE-2014-9655 mingw-libtiff: various flaws [epel-7]
bugzilla·2015-02-09·CVSS 6.5
CVE-2015-1547 [MEDIUM] CVE-2015-1547 CVE-2014-9655 mingw-libtiff: various flaws [epel-7]
CVE-2015-1547 CVE-2014-9655 mingw-libtiff: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-libtiff: see blocks bug list for
Bugzilla
CVE-2015-1547 CVE-2014-9655 libtiff: various flaws [fedora-all]
bugzilla·2015-02-09·CVSS 6.5
CVE-2015-1547 [MEDIUM] CVE-2015-1547 CVE-2014-9655 libtiff: various flaws [fedora-all]
CVE-2015-1547 CVE-2014-9655 libtiff: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While
Bugzilla
CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode
bugzilla·2015-02-09·CVSS 6.5
CVE-2015-1547 [MEDIUM] CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode
CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode
Use of uninitialized memory was reported [1] in NeXTDecode in libtiff.
The example TIFF file that triggers this behavious can be found here:
http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
[1]: http://seclists.org/oss-sec/2015/q1/454
Discussion:
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1190710]
---
Created mingw-libtiff tracking bugs for this issue:
Affects: epel-7 [bug 1190712]
---
Patch
There is no proper information of fixing this flaw anywhere according to
http://seclists.org/oss-sec/2015/q1/454
- uninitialized memory in NeXTDecode
Fixed in:
2014-12-29 Even Rouault
* libtiff/tif_next.c: add new tests to check that we don't read outside of
the compressed input stream buffer.
I
Bugzilla
CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
bugzilla·2015-02-09·CVSS 6.5
CVE-2014-9655 [MEDIUM] CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
Below issues were reported [1] and fixed upstream in libtiff:
- uninitialized memory in putcontig8bitYCbCr21tile
Fixed in:
2014-12-29 Even Rouault
* libtiff/tif_getimage.c: in OJPEG case, fix checks on strile width/height
in the putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile and
putcontig8bitYCbCr21tile cases.
- uninitialized memory in NeXTDecode
Fixed in:
2014-12-29 Even Rouault
* libtiff/tif_next.c: add new tests to check that we don't read outside of
the compressed input stream buffer.
[1]: http://seclists.org/oss-sec/2015/q1/454
Discussion:
Created libtiff tracking bugs for this issue:
Affects: fedora-all [bug 1190710]
---
Created mingw-libtiff tracking bugs for this issue:
A
http://openwall.com/lists/oss-security/2015/02/07/5http://rhn.redhat.com/errata/RHSA-2016-1546.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1547.htmlhttp://www.debian.org/security/2015/dsa-3273http://www.debian.org/security/2016/dsa-3467http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttps://security.gentoo.org/glsa/201701-16http://openwall.com/lists/oss-security/2015/02/07/5http://rhn.redhat.com/errata/RHSA-2016-1546.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1547.htmlhttp://www.debian.org/security/2015/dsa-3273http://www.debian.org/security/2016/dsa-3467http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttps://security.gentoo.org/glsa/201701-16
2016-04-13
Published