Vulnerability CVE-2014-8127: Information

Description

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-8127
Published: June 26, 2017
Modified: Feb. 13, 2023
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libtiffsisyphus4.0.10.0.57.f9fc01c3-alt14.4.0-alt4ALT-PU-2019-1628-1226958Fixed
libtiffp104.0.10.0.57.f9fc01c3-alt14.4.0-alt2ALT-PU-2019-1628-1226958Fixed
libtiffp94.0.10.0.57.f9fc01c3-alt14.0.10.0.57.f9fc01c3-alt1ALT-PU-2019-1628-1226958Fixed
libtiffc10f14.0.10.0.57.f9fc01c3-alt14.4.0-alt2ALT-PU-2019-1628-1226958Fixed
libtiffc9f24.0.10.0.57.f9fc01c3-alt14.3.0-alt1ALT-PU-2019-1628-1226958Fixed
libtiffp114.0.10.0.57.f9fc01c3-alt14.4.0-alt4ALT-PU-2019-1628-1226958Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools
  • Mailing List
  • Third Party Advisory
http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
  • Third Party Advisory
openSUSE-SU-2015:0450
  • Third Party Advisory
http://bugzilla.maptools.org/show_bug.cgi?id=2500
  • Issue Tracking
http://bugzilla.maptools.org/show_bug.cgi?id=2497
  • Issue Tracking
http://bugzilla.maptools.org/show_bug.cgi?id=2496
  • Issue Tracking
http://bugzilla.maptools.org/show_bug.cgi?id=2486
  • Issue Tracking
http://bugzilla.maptools.org/show_bug.cgi?id=2485
  • Issue Tracking
http://bugzilla.maptools.org/show_bug.cgi?id=2484
  • Issue Tracking
72323
  • Third Party Advisory
  • VDB Entry
GLSA-201701-16
    1032760
      DSA-3273
        RHSA-2016:1547
          RHSA-2016:1546

              1. Configuration 1

                cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*

                Configuration 2

                cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
                cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.3
            Back to top