PT-2014-8418 · Sam Leffler+5 · Libtiff+5

Published: 2014-12-31 · Updated: 2024-06-15 · CVE-2014-8127

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.0.3
Description: The issue allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image passed to several functions in different tools, including the checkInkNamesString function in tif_dir.c, the compresscontig function in tiff2bw.c, the putcontig8bitCIELab function in tif_getimage.c, the LZWPreDecode function in tif_lzw.c, the NeXTDecode function in tif_next.c, and the TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c.
Recommendations: For LibTIFF version 4.0.3, consider disabling the checkInkNamesString, compresscontig, putcontig8bitCIELab, LZWPreDecode, NeXTDecode, and TIFFWriteDirectoryTagLongLong8Array functions until a patch is available. Restrict access to the thumbnail, tiff2bw, tiff2rgba, tiff2ps, tiffdither, and tiffset tools to minimize the risk of exploitation. Avoid processing TIFF images from untrusted sources with these tools until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

DoS

Out-of-bounds Read


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1628
CESA-2016_1546
CESA-2016_1547
CVE-2014-8127
DSA-3273-1
MGASA-2015-0112
MGASA-2016-0361
OPENSUSE-SU-2016_3035-1
OPENSUSE-SU-2024:10554-1
RHSA-2016:1546
RHSA-2016:1547
RHSA-2016_1546
RHSA-2016_1547
SUSE-SU-2015:1420-1
SUSE-SU-2015:1475-1
SUSE-SU-2015_1420-1
SUSE-SU-2015_1475-1
SUSE-SU-2016:3301-1
SUSE-SU-2016_3301-1
USN-2553-1
USN-2553-2

Affected Products

ALT Linux
CentOS
LibTIFF
Red Hat
SUSE
Ubuntu