CVE-2014-8129

HIGH

LibTIFF 4.0.3 - Out-of-bounds Write via Crafted TIFF Image

Title source: llm

Description

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

References (15)

Core 15

Core References

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT204941

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-1547.html

Exploit, Issue Tracking x_refsource_misc

http://bugzilla.maptools.org/show_bug.cgi?id=2488

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2015/01/24/15

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/72352

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201701-16

Issue Tracking, Patch x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=1185815

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1032760

Exploit, Issue Tracking x_refsource_misc

http://bugzilla.maptools.org/show_bug.cgi?id=2487

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT204942

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-1546.html

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2015/dsa-3273

Third Party Advisory x_refsource_misc

http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt

Scores

CVSS v3 8.8

EPSS 0.0146

EPSS Percentile 81.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (19)

apple/iphone_os (3 CPE variants)

apple/mac_os_x 10.8.5

apple/mac_os_x 10.9.5

apple/mac_os_x 10.10.0

apple/mac_os_x 10.10.1

apple/mac_os_x 10.10.2

apple/mac_os_x 10.10.3

debian/debian_linux 7.0

libtiff/libtiff 4.0.3

redhat/enterprise_linux_server 6.0

... and 9 more

Published Mar 12, 2018

Tracked Since Feb 18, 2026