Vulnerability CVE-2014-8129: Information

Description

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-8129
Published: March 12, 2018
Modified: Feb. 13, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libtiffsisyphus4.0.10.0.57.f9fc01c3-alt14.4.0-alt4ALT-PU-2019-1628-1226958Fixed
libtiffp104.0.10.0.57.f9fc01c3-alt14.4.0-alt2ALT-PU-2019-1628-1226958Fixed
libtiffp94.0.10.0.57.f9fc01c3-alt14.0.10.0.57.f9fc01c3-alt1ALT-PU-2019-1628-1226958Fixed
libtiffc10f14.0.10.0.57.f9fc01c3-alt14.4.0-alt2ALT-PU-2019-1628-1226958Fixed
libtiffc9f24.0.10.0.57.f9fc01c3-alt14.3.0-alt1ALT-PU-2019-1628-1226958Fixed
libtiffp114.0.10.0.57.f9fc01c3-alt14.4.0-alt4ALT-PU-2019-1628-1226958Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1185815
  • Issue Tracking
  • Patch
http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
  • Third Party Advisory
http://support.apple.com/kb/HT204942
  • Third Party Advisory
http://support.apple.com/kb/HT204941
  • Third Party Advisory
[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools
  • Mailing List
APPLE-SA-2015-06-30-2
  • Mailing List
APPLE-SA-2015-06-30-1
  • Mailing List
http://bugzilla.maptools.org/show_bug.cgi?id=2488
  • Exploit
  • Issue Tracking
http://bugzilla.maptools.org/show_bug.cgi?id=2487
  • Exploit
  • Issue Tracking
DSA-3273
  • Third Party Advisory
GLSA-201701-16
  • Third Party Advisory
1032760
  • Third Party Advisory
  • VDB Entry
72352
  • Third Party Advisory
  • VDB Entry
RHSA-2016:1547
  • Third Party Advisory
RHSA-2016:1546
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*
      cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*
      cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*
      cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*
      cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*
      cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*
      cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:ipad2:*
      cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:ipodtouch:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top