CVE-2014-9330
libtiff 4.0.3 - Denial of Service via Crafted BMP Image Dimensions
Title source: llmDescription
Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.
References (10)
Core 10
Core References
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71789
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1547.html
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-16
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031442
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3273
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Dec/97
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1546.html
Issue Tracking x_refsource_confirm
http://bugzilla.maptools.org/show_bug.cgi?id=2494
Scores
EPSS
0.0135
EPSS Percentile
80.3%
Details
CWE
CWE-189
Status
published
Products (1)
libtiff/libtiff
4.0.3
Published
Jan 20, 2015
Tracked Since
Feb 18, 2026