Описание
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tiff | fixed | 4.0.3-12.3 | package | |
| tiff3 | removed | package |
Примечания
Advisory: http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
http://bugzilla.maptools.org/show_bug.cgi?id=2489 (thumbnail)
http://bugzilla.maptools.org/show_bug.cgi?id=2490 (tiffdither)
http://bugzilla.maptools.org/show_bug.cgi?id=2491 (tiffdither)
http://bugzilla.maptools.org/show_bug.cgi?id=2492 (tiffdither)
http://bugzilla.maptools.org/show_bug.cgi?id=2493 (thumbnail and tiffcmp)
http://bugzilla.maptools.org/show_bug.cgi?id=2495 (tiff2pdf)
http://bugzilla.maptools.org/show_bug.cgi?id=2499 (thumbnail and tiffcmp) [not fixed yet in CVS HEAD]
http://bugzilla.maptools.org/show_bug.cgi?id=2501 (tiffdither)
The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
EPSS
Связанные уязвимости
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
EPSS