Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-8130

Опубликовано: 12 мар. 2018
Источник: nvd
CVSS3: 6.5
CVSS2: 4.3
EPSS Низкий

Описание

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:ipad2:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:iphone:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:ipodtouch:*

EPSS

Процентиль: 83%
0.02075
Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369

Связанные уязвимости

ubuntu логотип

CVE-2014-8130

CVSS3: 6.5
ubuntu
больше 7 лет назад

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

redhat логотип

CVE-2014-8130

CVSS3: 3.3
redhat
почти 11 лет назад

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

debian логотип

CVE-2014-8130

CVSS3: 6.5
debian
больше 7 лет назад

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not rejec ...

github логотип

GHSA-w6c9-7896-vqpm

CVSS3: 6.5
github
больше 3 лет назад

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

suse-cvrf логотип

SUSE-SU-2015:1475-1

suse-cvrf
около 10 лет назад

Security update for tiff

EPSS

Процентиль: 83%
0.02075
Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369