PT-2014-8420 · Libtiff+5 · Libtiff+5

Michal Zalewski

Publicado

2014-12-31

Atualizado

2024-06-15

CVE-2014-8129

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.3

Description The issue allows remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted TIFF image. This is demonstrated by the failure of tif next.c to verify that the BitsPerSample value is 2, and the t2p sample lab signed to unsigned function in tiff2pdf.c.

Recommendations For LibTIFF version 4.0.3, update to a newer version that contains a fix for this issue.

Exploit

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2019-1628

CESA-2016_1546

CESA-2016_1547

CVE-2014-8129

DLA-221-1

DLA-610-1

DSA-3273-1

MGASA-2015-0112

OPENSUSE-SU-2024:10554-1

RHSA-2016:1546

RHSA-2016:1547

RHSA-2016_1546

RHSA-2016_1547

SUSE-SU-2015:1420-1

SUSE-SU-2015:1475-1

USN-2553-1

USN-2553-2

Produtos afetados

Alt Linux

Centos

Libtiff

Red Hat

Suse

Ubuntu

PT-2014-8420 · Libtiff+5 · Libtiff+5

CVE-2014-8129

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 237