SUSE-SU-2015:1475-1 - Vulnerability-Lookup

SUSE-SU-2015:1475-1

Vulnerability from csaf_suse - Published: 2015-08-25 14:15 - Updated: 2015-08-25 14:15

Summary

Security update for tiff

Severity

Moderate

Notes

Title of the patch: Security update for tiff

Description of the patch: LibTiff was updated to the 4.0.4 stable release fixing various security issues and bugs. These security issues were fixed: - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927).

Patchnames: SUSE-SLE-DESKTOP-12-2015-473,SUSE-SLE-SDK-12-2015-473,SUSE-SLE-SERVER-12-2015-473

Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

CVE-2014-8127

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2014-8128

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2014-8129

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2014-8130

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2014-9655

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-security-upd…	self
	https://bugzilla.suse.com/914890	self
	https://bugzilla.suse.com/916927	self
	https://www.suse.com/security/cve/CVE-2014-8127/	self
	https://www.suse.com/security/cve/CVE-2014-8128/	self
	https://www.suse.com/security/cve/CVE-2014-8129/	self
	https://www.suse.com/security/cve/CVE-2014-8130/	self
	https://www.suse.com/security/cve/CVE-2014-9655/	self
	https://www.suse.com/security/cve/CVE-2014-8127	external
	https://bugzilla.suse.com/1206220	external
	https://bugzilla.suse.com/914890	external
	https://bugzilla.suse.com/916925	external
	https://bugzilla.suse.com/942690	external
	https://bugzilla.suse.com/969783	external
	https://www.suse.com/security/cve/CVE-2014-8128	external
	https://bugzilla.suse.com/1007276	external
	https://bugzilla.suse.com/1017690	external
	https://bugzilla.suse.com/1040322	external
	https://bugzilla.suse.com/1206220	external
	https://bugzilla.suse.com/914890	external
	https://bugzilla.suse.com/916925	external
	https://bugzilla.suse.com/942690	external
	https://bugzilla.suse.com/960341	external
	https://bugzilla.suse.com/969783	external
	https://bugzilla.suse.com/974621	external
	https://bugzilla.suse.com/983436	external
	https://www.suse.com/security/cve/CVE-2014-8129	external
	https://bugzilla.suse.com/1206220	external
	https://bugzilla.suse.com/914890	external
	https://bugzilla.suse.com/916925	external
	https://bugzilla.suse.com/942690	external
	https://bugzilla.suse.com/969783	external
	https://www.suse.com/security/cve/CVE-2014-8130	external
	https://bugzilla.suse.com/1206220	external
	https://bugzilla.suse.com/914890	external
	https://bugzilla.suse.com/916925	external
	https://bugzilla.suse.com/942690	external
	https://bugzilla.suse.com/969783	external
	https://www.suse.com/security/cve/CVE-2014-9655	external
	https://bugzilla.suse.com/1206220	external
	https://bugzilla.suse.com/914890	external
	https://bugzilla.suse.com/916925	external
	https://bugzilla.suse.com/916927	external
	https://bugzilla.suse.com/969783	external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tiff",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nLibTiff was updated to the 4.0.4 stable release fixing various security\nissues and bugs.\n\nThese security issues were fixed:\n- CVE-2014-8127: Out-of-bounds write (bnc#914890).\n- CVE-2014-8128: Out-of-bounds write (bnc#914890).\n- CVE-2014-8129: Out-of-bounds write (bnc#914890).\n- CVE-2014-8130: Out-of-bounds write (bnc#914890).\n- CVE-2014-9655: Access of uninitialized memory (bnc#916927).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-2015-473,SUSE-SLE-SDK-12-2015-473,SUSE-SLE-SERVER-12-2015-473",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1475-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2015:1475-1",
        "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151475-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2015:1475-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2015-September/001561.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 914890",
        "url": "https://bugzilla.suse.com/914890"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 916927",
        "url": "https://bugzilla.suse.com/916927"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8127 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8127/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8128 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8128/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8129 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8130 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8130/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-9655 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-9655/"
      }
    ],
    "title": "Security update for tiff",
    "tracking": {
      "current_release_date": "2015-08-25T14:15:19Z",
      "generator": {
        "date": "2015-08-25T14:15:19Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2015:1475-1",
      "initial_release_date": "2015-08-25T14:15:19Z",
      "revision_history": [
        {
          "date": "2015-08-25T14:15:19Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.4-12.2.ppc64le",
                "product": {
                  "name": "libtiff-devel-4.0.4-12.2.ppc64le",
                  "product_id": "libtiff-devel-4.0.4-12.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.4-12.2.ppc64le",
                "product": {
                  "name": "libtiff5-4.0.4-12.2.ppc64le",
                  "product_id": "libtiff5-4.0.4-12.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.4-12.2.ppc64le",
                "product": {
                  "name": "tiff-4.0.4-12.2.ppc64le",
                  "product_id": "tiff-4.0.4-12.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.4-12.2.s390x",
                "product": {
                  "name": "libtiff-devel-4.0.4-12.2.s390x",
                  "product_id": "libtiff-devel-4.0.4-12.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-4.0.4-12.2.s390x",
                "product": {
                  "name": "libtiff5-4.0.4-12.2.s390x",
                  "product_id": "libtiff5-4.0.4-12.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-32bit-4.0.4-12.2.s390x",
                "product": {
                  "name": "libtiff5-32bit-4.0.4-12.2.s390x",
                  "product_id": "libtiff5-32bit-4.0.4-12.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.4-12.2.s390x",
                "product": {
                  "name": "tiff-4.0.4-12.2.s390x",
                  "product_id": "tiff-4.0.4-12.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtiff5-4.0.4-12.2.x86_64",
                "product": {
                  "name": "libtiff5-4.0.4-12.2.x86_64",
                  "product_id": "libtiff5-4.0.4-12.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff5-32bit-4.0.4-12.2.x86_64",
                "product": {
                  "name": "libtiff5-32bit-4.0.4-12.2.x86_64",
                  "product_id": "libtiff5-32bit-4.0.4-12.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtiff-devel-4.0.4-12.2.x86_64",
                "product": {
                  "name": "libtiff-devel-4.0.4-12.2.x86_64",
                  "product_id": "libtiff-devel-4.0.4-12.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tiff-4.0.4-12.2.x86_64",
                "product": {
                  "name": "tiff-4.0.4-12.2.x86_64",
                  "product_id": "tiff-4.0.4-12.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12",
                  "product_id": "SUSE Linux Enterprise Desktop 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12",
                  "product_id": "SUSE Linux Enterprise Server 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.4-12.2.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64"
        },
        "product_reference": "libtiff5-4.0.4-12.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.4-12.2.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.4-12.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.4-12.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le"
        },
        "product_reference": "libtiff-devel-4.0.4-12.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.4-12.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x"
        },
        "product_reference": "libtiff-devel-4.0.4-12.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff-devel-4.0.4-12.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
        },
        "product_reference": "libtiff-devel-4.0.4-12.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.4-12.2.ppc64le as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le"
        },
        "product_reference": "libtiff5-4.0.4-12.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.4-12.2.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x"
        },
        "product_reference": "libtiff5-4.0.4-12.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.4-12.2.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64"
        },
        "product_reference": "libtiff5-4.0.4-12.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.4-12.2.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x"
        },
        "product_reference": "libtiff5-32bit-4.0.4-12.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.4-12.2.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.4-12.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.4-12.2.ppc64le as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le"
        },
        "product_reference": "tiff-4.0.4-12.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.4-12.2.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x"
        },
        "product_reference": "tiff-4.0.4-12.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.4-12.2.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64"
        },
        "product_reference": "tiff-4.0.4-12.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.4-12.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le"
        },
        "product_reference": "libtiff5-4.0.4-12.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.4-12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x"
        },
        "product_reference": "libtiff5-4.0.4-12.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-4.0.4-12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64"
        },
        "product_reference": "libtiff5-4.0.4-12.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.4-12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x"
        },
        "product_reference": "libtiff5-32bit-4.0.4-12.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtiff5-32bit-4.0.4-12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64"
        },
        "product_reference": "libtiff5-32bit-4.0.4-12.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.4-12.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le"
        },
        "product_reference": "tiff-4.0.4-12.2.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.4-12.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x"
        },
        "product_reference": "tiff-4.0.4-12.2.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tiff-4.0.4-12.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64"
        },
        "product_reference": "tiff-4.0.4-12.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-8127",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8127"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8127",
          "url": "https://www.suse.com/security/cve/CVE-2014-8127"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206220 for CVE-2014-8127",
          "url": "https://bugzilla.suse.com/1206220"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 914890 for CVE-2014-8127",
          "url": "https://bugzilla.suse.com/914890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 916925 for CVE-2014-8127",
          "url": "https://bugzilla.suse.com/916925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 942690 for CVE-2014-8127",
          "url": "https://bugzilla.suse.com/942690"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969783 for CVE-2014-8127",
          "url": "https://bugzilla.suse.com/969783"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-25T14:15:19Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2014-8127"
    },
    {
      "cve": "CVE-2014-8128",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8128"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8128",
          "url": "https://www.suse.com/security/cve/CVE-2014-8128"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007276 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/1007276"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1017690 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/1017690"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040322 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/1040322"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206220 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/1206220"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 914890 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/914890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 916925 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/916925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 942690 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/942690"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 960341 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/960341"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969783 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/969783"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 974621 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/974621"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 983436 for CVE-2014-8128",
          "url": "https://bugzilla.suse.com/983436"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-25T14:15:19Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2014-8128"
    },
    {
      "cve": "CVE-2014-8129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8129",
          "url": "https://www.suse.com/security/cve/CVE-2014-8129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206220 for CVE-2014-8129",
          "url": "https://bugzilla.suse.com/1206220"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 914890 for CVE-2014-8129",
          "url": "https://bugzilla.suse.com/914890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 916925 for CVE-2014-8129",
          "url": "https://bugzilla.suse.com/916925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 942690 for CVE-2014-8129",
          "url": "https://bugzilla.suse.com/942690"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969783 for CVE-2014-8129",
          "url": "https://bugzilla.suse.com/969783"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-25T14:15:19Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2014-8129"
    },
    {
      "cve": "CVE-2014-8130",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8130"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8130",
          "url": "https://www.suse.com/security/cve/CVE-2014-8130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206220 for CVE-2014-8130",
          "url": "https://bugzilla.suse.com/1206220"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 914890 for CVE-2014-8130",
          "url": "https://bugzilla.suse.com/914890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 916925 for CVE-2014-8130",
          "url": "https://bugzilla.suse.com/916925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 942690 for CVE-2014-8130",
          "url": "https://bugzilla.suse.com/942690"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969783 for CVE-2014-8130",
          "url": "https://bugzilla.suse.com/969783"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-25T14:15:19Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2014-8130"
    },
    {
      "cve": "CVE-2014-9655",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-9655"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
          "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-9655",
          "url": "https://www.suse.com/security/cve/CVE-2014-9655"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206220 for CVE-2014-9655",
          "url": "https://bugzilla.suse.com/1206220"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 914890 for CVE-2014-9655",
          "url": "https://bugzilla.suse.com/914890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 916925 for CVE-2014-9655",
          "url": "https://bugzilla.suse.com/916925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 916927 for CVE-2014-9655",
          "url": "https://bugzilla.suse.com/916927"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969783 for CVE-2014-9655",
          "url": "https://bugzilla.suse.com/969783"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Desktop 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.4-12.2.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.4-12.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-25T14:15:19Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-9655"
    }
  ]
}

CVE-2014-8127 (GCVE-0-2014-8127)

Vulnerability from cvelistv5 – Published: 2017-06-26 15:00 – Updated: 2024-08-06 13:10

Summary

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

redhat

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/72323	vdb-entryx_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2016-1547.html	vendor-advisoryx_refsource_REDHAT
	https://security.gentoo.org/glsa/201701-16	vendor-advisoryx_refsource_GENTOO
	http://bugzilla.maptools.org/show_bug.cgi?id=2497	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032760	vdb-entryx_refsource_SECTRACK
	http://bugzilla.maptools.org/show_bug.cgi?id=2496	x_refsource_CONFIRM
	http://bugzilla.maptools.org/show_bug.cgi?id=2486	x_refsource_CONFIRM
	http://bugzilla.maptools.org/show_bug.cgi?id=2484	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3273	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-1546.html	vendor-advisoryx_refsource_REDHAT
	http://bugzilla.maptools.org/show_bug.cgi?id=2485	x_refsource_CONFIRM
	http://bugzilla.maptools.org/show_bug.cgi?id=2500	x_refsource_CONFIRM
	http://www.conostix.com/pub/adv/CVE-2014-8127-Lib…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2015/0…	mailing-listx_refsource_MLIST

Date Public ?

2015-01-24 00:00

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2015:0450",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html"
          },
          {
            "name": "72323",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72323"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2497"
          },
          {
            "name": "1032760",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032760"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2496"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2486"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2484"
          },
          {
            "name": "DSA-3273",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3273"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2485"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt"
          },
          {
            "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/24/15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2015:0450",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html"
        },
        {
          "name": "72323",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72323"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2497"
        },
        {
          "name": "1032760",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032760"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2496"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2486"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2484"
        },
        {
          "name": "DSA-3273",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3273"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2485"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt"
        },
        {
          "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/24/15"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8127",
    "datePublished": "2017-06-26T15:00:00.000Z",
    "dateReserved": "2014-10-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:10:50.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8129 (GCVE-0-2014-8129)

Vulnerability from cvelistv5 – Published: 2018-03-12 02:00 – Updated: 2024-08-06 13:10

Summary

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

redhat

References

URL

Tags

	http://support.apple.com/kb/HT204941	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1547.html	vendor-advisoryx_refsource_REDHAT
	http://bugzilla.maptools.org/show_bug.cgi?id=2488	x_refsource_MISC
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://openwall.com/lists/oss-security/2015/01/24/15	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/72352	vdb-entryx_refsource_BID
	https://security.gentoo.org/glsa/201701-16	vendor-advisoryx_refsource_GENTOO
	https://bugzilla.redhat.com/show_bug.cgi?id=1185815	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032760	vdb-entryx_refsource_SECTRACK
	http://bugzilla.maptools.org/show_bug.cgi?id=2487	x_refsource_MISC
	http://support.apple.com/kb/HT204942	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://rhn.redhat.com/errata/RHSA-2016-1546.html	vendor-advisoryx_refsource_REDHAT
	https://www.debian.org/security/2015/dsa-3273	vendor-advisoryx_refsource_DEBIAN
	http://www.conostix.com/pub/adv/CVE-2014-8129-Lib…	x_refsource_MISC

Date Public ?

2015-06-30 00:00

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204941"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2488"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
          },
          {
            "name": "72352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72352"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185815"
          },
          {
            "name": "1032760",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032760"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2487"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "name": "APPLE-SA-2015-06-30-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "DSA-3273",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2015/dsa-3273"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-12T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT204941"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2488"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
        },
        {
          "name": "72352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72352"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185815"
        },
        {
          "name": "1032760",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032760"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2487"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "name": "APPLE-SA-2015-06-30-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "DSA-3273",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2015/dsa-3273"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8129",
    "datePublished": "2018-03-12T02:00:00.000Z",
    "dateReserved": "2014-10-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:10:50.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8130 (GCVE-0-2014-8130)

Vulnerability from cvelistv5 – Published: 2018-03-12 02:00 – Updated: 2024-08-06 13:10

Summary

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

redhat

References

URL

Tags

	http://support.apple.com/kb/HT204941	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1547.html	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/72353	vdb-entryx_refsource_BID
	https://github.com/vadz/libtiff/commit/3c5eb8b1be…	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://openwall.com/lists/oss-security/2015/01/24/15	mailing-listx_refsource_MLIST
	https://security.gentoo.org/glsa/201701-16	vendor-advisoryx_refsource_GENTOO
	http://www.securitytracker.com/id/1032760	vdb-entryx_refsource_SECTRACK
	http://support.apple.com/kb/HT204942	x_refsource_CONFIRM
	http://www.conostix.com/pub/adv/CVE-2014-8130-Lib…	x_refsource_MISC
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://rhn.redhat.com/errata/RHSA-2016-1546.html	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1185817	x_refsource_CONFIRM
	http://bugzilla.maptools.org/show_bug.cgi?id=2483	x_refsource_CONFIRM

Date Public ?

2015-06-30 00:00

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.880Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204941"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "name": "72353",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72353"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543"
          },
          {
            "name": "APPLE-SA-2015-06-30-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "1032760",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032760"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt"
          },
          {
            "name": "APPLE-SA-2015-06-30-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2483"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-12T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT204941"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "name": "72353",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72353"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543"
        },
        {
          "name": "APPLE-SA-2015-06-30-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        },
        {
          "name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "1032760",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032760"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt"
        },
        {
          "name": "APPLE-SA-2015-06-30-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2483"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8130",
    "datePublished": "2018-03-12T02:00:00.000Z",
    "dateReserved": "2014-10-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:10:50.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9655 (GCVE-0-2014-9655)

Vulnerability from cvelistv5 – Published: 2016-04-13 17:00 – Updated: 2024-08-06 13:47

Summary

The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1547.html	vendor-advisoryx_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201701-16	vendor-advisoryx_refsource_GENTOO
	http://www.debian.org/security/2015/dsa-3273	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-1546.html	vendor-advisoryx_refsource_REDHAT
	http://openwall.com/lists/oss-security/2015/02/07/5	mailing-listx_refsource_MLIST
	http://www.debian.org/security/2016/dsa-3467	vendor-advisoryx_refsource_DEBIAN

Date Public ?

2015-02-07 00:00

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "RHSA-2016:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "GLSA-201701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-16"
          },
          {
            "name": "DSA-3273",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3273"
          },
          {
            "name": "RHSA-2016:1546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
          },
          {
            "name": "[oss-security] 20150207 Re: Multiple vulnerabilities in LibTIFF and associated tools",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/02/07/5"
          },
          {
            "name": "DSA-3467",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3467"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "RHSA-2016:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "GLSA-201701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-16"
        },
        {
          "name": "DSA-3273",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3273"
        },
        {
          "name": "RHSA-2016:1546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
        },
        {
          "name": "[oss-security] 20150207 Re: Multiple vulnerabilities in LibTIFF and associated tools",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/02/07/5"
        },
        {
          "name": "DSA-3467",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3467"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9655",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "RHSA-2016:1547",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "GLSA-201701-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-16"
            },
            {
              "name": "DSA-3273",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3273"
            },
            {
              "name": "RHSA-2016:1546",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
            },
            {
              "name": "[oss-security] 20150207 Re: Multiple vulnerabilities in LibTIFF and associated tools",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2015/02/07/5"
            },
            {
              "name": "DSA-3467",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3467"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9655",
    "datePublished": "2016-04-13T17:00:00.000Z",
    "dateReserved": "2015-02-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:47:41.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-8128 (GCVE-0-2014-8128)

Vulnerability from cvelistv5 – Published: 2020-02-12 02:15 – Updated: 2024-08-06 13:10

Summary

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.

Severity ?

No CVSS data available.

CWE

Other

Assigner

redhat

References

URL

Tags

	http://www.conostix.com/pub/adv/CVE-2014-8128-Lib…	x_refsource_MISC
	http://openwall.com/lists/oss-security/2015/01/24/15	x_refsource_MISC
	http://support.apple.com/kb/HT204941	x_refsource_MISC
	http://support.apple.com/kb/HT204942	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1185812	x_refsource_MISC
	http://lists.apple.com/archives/security-announce…	x_refsource_MISC
	http://lists.apple.com/archives/security-announce…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	LibTIFF	Affected: prior to 4.0.4

Date Public ?

2015-06-30 00:00

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:51.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204941"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT204942"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185812"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LibTIFF",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 4.0.4"
            }
          ]
        }
      ],
      "datePublic": "2015-06-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-12T02:15:44.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/01/24/15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.apple.com/kb/HT204941"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.apple.com/kb/HT204942"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185812"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8128",
    "datePublished": "2020-02-12T02:15:44.000Z",
    "dateReserved": "2014-10-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:10:51.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.