← Back

CVE-2014-8129

nvd nist
Published: Mar 12, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

Affected (21)

Show all products
Libtiff: Libtiff · Debian: Debian Linux · Redhat: Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Tus · Apple: Mac Os X, Iphone Os
Libtiff
1 product
Libtiff
Debian
1 product
Debian Linux
Redhat
4 products
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Server Eus
Enterprise Linux Server Tus
Apple
2 products
Mac Os X
Iphone Os
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Libtiff
Version 4.0.3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 7.0
Configuration C
10 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux Server
Version 6.0
Enterprise Linux Server
Version 7.0
Redhat
Enterprise Linux Server Aus
Version 7.2
Enterprise Linux Server Aus
Version 7.3
Enterprise Linux Server Aus
Version 7.4
Redhat
Enterprise Linux Server Eus
Version 7.2
Enterprise Linux Server Eus
Version 7.3
Enterprise Linux Server Eus
Version 7.4
Redhat
Enterprise Linux Server Tus
Version 7.2
Enterprise Linux Server Tus
Version 7.3
Configuration D
6 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Mac Os X
Version 10.10.0
Mac Os X
Version 10.10.1
Mac Os X
Version 10.10.2
Mac Os X
Version 10.10.3
Mac Os X
Version 10.8.5
Mac Os X
Version 10.9.5
Configuration E
3 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Iphone Os
All versions
Iphone Os
All versions
Iphone Os
All versions

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (30)

Source: secalert@redhat.com
ExploitIssue Tracking
Source: secalert@redhat.com
ExploitIssue Tracking
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Issue TrackingPatch
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.