Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-8127

Опубликовано: 07 дек. 2014
Источник: redhat
CVSS3: 3.3
CVSS2: 3.6
EPSS Низкий

Описание

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

Отчет

Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libtiff.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5libtiffWill not fix
Red Hat Enterprise Linux 6libtiffFixedRHSA-2016:154702.08.2016
Red Hat Enterprise Linux 7libtiffFixedRHSA-2016:154602.08.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1185805libtiff: out-of-bounds read with malformed TIFF image in multiple tools

EPSS

Процентиль: 61%
0.00411
Низкий

3.3 Low

CVSS3

3.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-8127

CVSS3: 6.5
ubuntu
около 8 лет назад

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

nvd логотип

CVE-2014-8127

CVSS3: 6.5
nvd
около 8 лет назад

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

debian логотип

CVE-2014-8127

CVSS3: 6.5
debian
около 8 лет назад

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (ou ...

github логотип

GHSA-5fvh-vxjv-m955

CVSS3: 6.5
github
больше 3 лет назад

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

suse-cvrf логотип

SUSE-SU-2015:1475-1

suse-cvrf
около 10 лет назад

Security update for tiff

EPSS

Процентиль: 61%
0.00411
Низкий

3.3 Low

CVSS3

3.6 Low

CVSS2