CVE-2014-9655: Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

Severity: 6.5 MEDIUM (NVD)
EPSS: 1.1% (top 21.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 13; Latest update May 14

Description

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

debian: debian/tiff, < tiff 4.0.3-12.1 (bookworm)

Also affects: Debian Linux 7.0, 8.0

Vulnerability Details (4)

GHSA: GHSA-f3j8-4rx7-pc28: The (1) putcontig8bitYCbCr21tile function in tif_getimage (2022-05-14)
OSV: CVE-2014-9655: The (1) putcontig8bitYCbCr21tile function in tif_getimage (2016-04-13)
OSV: tiff regression (2015-04-01)
OSV: tiff vulnerabilities (2015-03-31)

Vendor Advisories (4)

Ubuntu: LibTIFF regression (2015-04-01)
Ubuntu: LibTIFF vulnerabilities (2015-03-31)
Red Hat: libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode (2014-12-29)
Debian: CVE-2014-9655: tiff - The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode fu... (2014)

Community (4)

Bugzilla: CVE-2015-1547 CVE-2014-9655 mingw-libtiff: various flaws [epel-7] (2015-02-09)
Bugzilla: CVE-2015-1547 CVE-2014-9655 libtiff: various flaws [fedora-all] (2015-02-09)
Bugzilla: CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode (2015-02-09)
Bugzilla: CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode (2015-02-09)