PT-2014-8420 · Libtiff+5 · Libtiff+5

Michal Zalewski

Published

2014-12-31

Updated

2024-06-15

CVE-2014-8129

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibTIFF version 4.0.3

Description The issue allows remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted TIFF image. This is demonstrated by the failure of tif next.c to verify that the BitsPerSample value is 2, and the t2p sample lab signed to unsigned function in tiff2pdf.c.

Recommendations For LibTIFF version 4.0.3, update to a newer version that contains a fix for this issue.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2019-1628

CESA-2016_1546

CESA-2016_1547

CVE-2014-8129

DLA-221-1

DLA-610-1

DSA-3273-1

MGASA-2015-0112

OPENSUSE-SU-2024:10554-1

RHSA-2016:1546

RHSA-2016:1547

RHSA-2016_1546

RHSA-2016_1547

SUSE-SU-2015:1420-1

SUSE-SU-2015:1475-1

USN-2553-1

USN-2553-2

Affected Products

Alt Linux

Centos

Libtiff

Red Hat

Suse

Ubuntu

PT-2014-8420 · Libtiff+5 · Libtiff+5

CVE-2014-8129

Weakness Enumeration

Related Identifiers

Affected Products

References · 237