← Back

CVE-2014-8130

nvd nist
Published: Mar 12, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

Affected (24)

Libtiff
1 product
Libtiff
Redhat
6 products
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Server Eus
Enterprise Linux Server Tus
Enterprise Linux Workstation
Apple
2 products
Mac Os X
Iphone Os
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Libtiff
Version 4.0.3
Configuration B
14 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux Desktop
Version 6.0
Enterprise Linux Desktop
Version 7.0
Redhat
Enterprise Linux Server
Version 6.0
Enterprise Linux Server
Version 7.0
Redhat
Enterprise Linux Server Aus
Version 7.2
Enterprise Linux Server Aus
Version 7.3
Enterprise Linux Server Aus
Version 7.4
Redhat
Enterprise Linux Server Eus
Version 7.2
Enterprise Linux Server Eus
Version 7.3
Enterprise Linux Server Eus
Version 7.4
Redhat
Enterprise Linux Server Tus
Version 7.2
Enterprise Linux Server Tus
Version 7.3
Redhat
Enterprise Linux Workstation
Version 6.0
Enterprise Linux Workstation
Version 7.0
Configuration C
6 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Mac Os X
Version 10.10.0
Mac Os X
Version 10.10.1
Mac Os X
Version 10.10.2
Mac Os X
Version 10.10.3
Mac Os X
Version 10.8.5
Mac Os X
Version 10.9.5
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Iphone Os
All versions
Iphone Os
All versions
Iphone Os
All versions

Related CWEs

CWE-369
Divide By Zero
The product divides a value by zero.

References (28)

Source: secalert@redhat.com
ExploitIssue Tracking
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Issue TrackingPatch
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.