var-201604-0195
Vulnerability from variot
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. LibTIFF is prone to a memory-corruption vulnerability. An attacker could exploit this issue to execute arbitrary code in the affected system. Failed exploit attempts may result in denial-of-service conditions. ============================================================================ Ubuntu Security Notice USN-2939-1 March 23, 2016
tiff vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libtiff5 4.0.3-12.3ubuntu2.1
Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.4
Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 =====================================================================
- Summary:
An update for libtiff is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
-
Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
-
Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running applications linked against libtiff must be restarted for this update to take effect.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: libtiff-4.0.3-25.el7_2.src.rpm
x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libtiff-4.0.3-25.el7_2.src.rpm
x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libtiff-4.0.3-25.el7_2.src.rpm
ppc64: libtiff-4.0.3-25.el7_2.ppc.rpm libtiff-4.0.3-25.el7_2.ppc64.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-devel-4.0.3-25.el7_2.ppc.rpm libtiff-devel-4.0.3-25.el7_2.ppc64.rpm
ppc64le: libtiff-4.0.3-25.el7_2.ppc64le.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm
s390x: libtiff-4.0.3-25.el7_2.s390.rpm libtiff-4.0.3-25.el7_2.s390x.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-devel-4.0.3-25.el7_2.s390.rpm libtiff-devel-4.0.3-25.el7_2.s390x.rpm
x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-static-4.0.3-25.el7_2.ppc.rpm libtiff-static-4.0.3-25.el7_2.ppc64.rpm libtiff-tools-4.0.3-25.el7_2.ppc64.rpm
ppc64le: libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-static-4.0.3-25.el7_2.ppc64le.rpm libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm
s390x: libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-static-4.0.3-25.el7_2.s390.rpm libtiff-static-4.0.3-25.el7_2.s390x.rpm libtiff-tools-4.0.3-25.el7_2.s390x.rpm
x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libtiff-4.0.3-25.el7_2.src.rpm
x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb H5YX3gD3gJu8C4EadiP+wtg= =Z4gh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Gentoo Linux Security Advisory GLSA 201701-16
https://security.gentoo.org/
Severity: Normal Title: libTIFF: Multiple vulnerabilities Date: January 09, 2017 Bugs: #484542, #534108, #538318, #561880, #572876, #585274, #585508, #599746 ID: 201701-16
Synopsis
Multiple vulnerabilities have been found in libTIFF, the worst of which may allow execution of arbitrary code. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Please review the CVE identifier and bug reports referenced for details.
Workaround
There is no known workaround at this time.
Resolution
All libTIFF users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7"
References
[ 1 ] CVE-2013-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243 [ 2 ] CVE-2014-8127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127 [ 3 ] CVE-2014-8128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128 [ 4 ] CVE-2014-8129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129 [ 5 ] CVE-2014-8130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130 [ 6 ] CVE-2014-9330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330 [ 7 ] CVE-2014-9655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655 [ 8 ] CVE-2015-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547 [ 9 ] CVE-2015-7313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313 [ 10 ] CVE-2015-7554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554 [ 11 ] CVE-2015-8665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665 [ 12 ] CVE-2015-8668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668 [ 13 ] CVE-2015-8683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683 [ 14 ] CVE-2015-8781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781 [ 15 ] CVE-2015-8782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782 [ 16 ] CVE-2015-8783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783 [ 17 ] CVE-2015-8784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784 [ 18 ] CVE-2016-3186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186 [ 19 ] CVE-2016-3619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619 [ 20 ] CVE-2016-3620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620 [ 21 ] CVE-2016-3621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621 [ 22 ] CVE-2016-3622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622 [ 23 ] CVE-2016-3623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623 [ 24 ] CVE-2016-3624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624 [ 25 ] CVE-2016-3625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625 [ 26 ] CVE-2016-3631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631 [ 27 ] CVE-2016-3632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632 [ 28 ] CVE-2016-3633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633 [ 29 ] CVE-2016-3634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634 [ 30 ] CVE-2016-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658 [ 31 ] CVE-2016-3945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945 [ 32 ] CVE-2016-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990 [ 33 ] CVE-2016-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991 [ 34 ] CVE-2016-5102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102 [ 35 ] CVE-2016-5314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314 [ 36 ] CVE-2016-5315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315 [ 37 ] CVE-2016-5316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316 [ 38 ] CVE-2016-5317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317 [ 39 ] CVE-2016-5318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318 [ 40 ] CVE-2016-5319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319 [ 41 ] CVE-2016-5320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320 [ 42 ] CVE-2016-5321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321 [ 43 ] CVE-2016-5322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322 [ 44 ] CVE-2016-5323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323 [ 45 ] CVE-2016-5652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652 [ 46 ] CVE-2016-5875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875 [ 47 ] CVE-2016-6223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223 [ 48 ] CVE-2016-8331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331 [ 49 ] CVE-2016-9273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273 [ 50 ] CVE-2016-9297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297 [ 51 ] CVE-2016-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318 [ 52 ] CVE-2016-9448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448 [ 53 ] CVE-2016-9453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453 [ 54 ] CVE-2016-9532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--
. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.
For the oldstable distribution (wheezy), these problems have been fixed in version 4.0.2-6+deb7u5.
For the stable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 4.0.6-1.
For the unstable distribution (sid), these problems have been fixed in version 4.0.6-1.
We recommend that you upgrade your tiff packages. 6) - i386, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0195",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libtiff",
"scope": null,
"trust": 1.4,
"vendor": "libtiff",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "libtiff",
"scope": "lt",
"trust": 1.0,
"vendor": "libtiff",
"version": "4.0.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "7.0"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "8.0"
},
{
"model": "big-ip aam build",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.66.204.442"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip aam hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "big-ip aam hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "big-ip aam build 685-hf10",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip aam build",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.40.1.256"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.4"
},
{
"model": "big-ip aam hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1"
},
{
"model": "big-ip aam build",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.110.104.180"
},
{
"model": "big-ip aam hf6",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip aam hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "big-ip aam hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.24"
},
{
"model": "big-ip aam hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.4"
},
{
"model": "libtiff",
"scope": "eq",
"trust": 0.3,
"vendor": "libtiff",
"version": "-0"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.2"
},
{
"model": "big-ip aam hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.4"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "smartcloud entry appliance fi",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.4"
},
{
"model": "big-ip aam hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "big-ip aam hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "big-ip aam hf11",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.22"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip aam hf8",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "big-ip aam hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip aam hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip aam hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.36"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip aam hf8",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6"
},
{
"model": "big-ip aam hf9",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip aam hf10",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "big-ip aam hf10",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0"
},
{
"model": "big-ip aam hf8",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.34"
},
{
"model": "big-ip aam build",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.01.14.628"
},
{
"model": "big-ip aam hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip aam hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.26"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "smartcloud entry appliance fi",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.4"
},
{
"model": "big-ip aam hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "big-ip aam hf9",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.21"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "big-ip aam hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.3"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.31"
},
{
"model": "big-ip aam hf10",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "smartcloud entry appliance fi",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0.4"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.0"
},
{
"model": "big-ip aam hf6",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.4"
},
{
"model": "big-ip aam hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.0"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.3"
},
{
"model": "big-ip aam hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.0"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.3"
}
],
"sources": [
{
"db": "BID",
"id": "81696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007063"
},
{
"db": "NVD",
"id": "CVE-2015-8784"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8784"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Salvatore Bonaccorso",
"sources": [
{
"db": "BID",
"id": "81696"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
],
"trust": 0.9
},
"cve": "CVE-2015-8784",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-8784",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-8784",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8784",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-074",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-8784",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-8784"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007063"
},
{
"db": "NVD",
"id": "CVE-2015-8784"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. LibTIFF is prone to a memory-corruption vulnerability. \nAn attacker could exploit this issue to execute arbitrary code in the affected system. Failed exploit attempts may result in denial-of-service conditions. ============================================================================\nUbuntu Security Notice USN-2939-1\nMarch 23, 2016\n\ntiff vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nLibTIFF could be made to crash or run programs as your login if it opened a\nspecially crafted file. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libtiff5 4.0.3-12.3ubuntu2.1\n\nUbuntu 14.04 LTS:\n libtiff5 4.0.3-7ubuntu0.4\n\nUbuntu 12.04 LTS:\n libtiff4 3.9.5-2ubuntu1.9\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: libtiff security update\nAdvisory ID: RHSA-2016:1546-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html\nIssue date: 2016-08-02\nCVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 \n CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 \n CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 \n CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 \n CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 \n CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 \n CVE-2016-5320 \n=====================================================================\n\n1. Summary:\n\nAn update for libtiff is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files. \n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. A remote attacker could\nexploit these flaws to cause a crash or memory corruption and, possibly,\nexecute arbitrary code by tricking an application linked against libtiff\ninto processing specially crafted files. (CVE-2014-9655, CVE-2015-1547,\nCVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,\nCVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,\npal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,\ntiff2rgba). By tricking a user into processing a specially crafted file, a\nremote attacker could exploit these flaws to cause a crash or memory\ncorruption and, possibly, execute arbitrary code with the privileges of the\nuser running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,\nCVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,\nCVE-2016-3945, CVE-2016-3991)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running applications linked against libtiff must be restarted for this\nupdate to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nppc64:\nlibtiff-4.0.3-25.el7_2.ppc.rpm\nlibtiff-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc64.rpm\n\nppc64le:\nlibtiff-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc64le.rpm\n\ns390x:\nlibtiff-4.0.3-25.el7_2.s390.rpm\nlibtiff-4.0.3-25.el7_2.s390x.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm\nlibtiff-devel-4.0.3-25.el7_2.s390.rpm\nlibtiff-devel-4.0.3-25.el7_2.s390x.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-tools-4.0.3-25.el7_2.ppc64.rpm\n\nppc64le:\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-tools-4.0.3-25.el7_2.ppc64le.rpm\n\ns390x:\nlibtiff-debuginfo-4.0.3-25.el7_2.s390.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm\nlibtiff-static-4.0.3-25.el7_2.s390.rpm\nlibtiff-static-4.0.3-25.el7_2.s390x.rpm\nlibtiff-tools-4.0.3-25.el7_2.s390x.rpm\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8127\nhttps://access.redhat.com/security/cve/CVE-2014-8129\nhttps://access.redhat.com/security/cve/CVE-2014-8130\nhttps://access.redhat.com/security/cve/CVE-2014-9330\nhttps://access.redhat.com/security/cve/CVE-2014-9655\nhttps://access.redhat.com/security/cve/CVE-2015-1547\nhttps://access.redhat.com/security/cve/CVE-2015-7554\nhttps://access.redhat.com/security/cve/CVE-2015-8665\nhttps://access.redhat.com/security/cve/CVE-2015-8668\nhttps://access.redhat.com/security/cve/CVE-2015-8683\nhttps://access.redhat.com/security/cve/CVE-2015-8781\nhttps://access.redhat.com/security/cve/CVE-2015-8782\nhttps://access.redhat.com/security/cve/CVE-2015-8783\nhttps://access.redhat.com/security/cve/CVE-2015-8784\nhttps://access.redhat.com/security/cve/CVE-2016-3632\nhttps://access.redhat.com/security/cve/CVE-2016-3945\nhttps://access.redhat.com/security/cve/CVE-2016-3990\nhttps://access.redhat.com/security/cve/CVE-2016-3991\nhttps://access.redhat.com/security/cve/CVE-2016-5320\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb\nH5YX3gD3gJu8C4EadiP+wtg=\n=Z4gh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201701-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libTIFF: Multiple vulnerabilities\n Date: January 09, 2017\n Bugs: #484542, #534108, #538318, #561880, #572876, #585274,\n #585508, #599746\n ID: 201701-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libTIFF, the worst of which\nmay allow execution of arbitrary code. It is called by numerous programs, including GNOME\nand KDE applications, to interpret TIFF images. Please review\nthe CVE identifier and bug reports referenced for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libTIFF users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/tiff-4.0.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-4243\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243\n[ 2 ] CVE-2014-8127\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127\n[ 3 ] CVE-2014-8128\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128\n[ 4 ] CVE-2014-8129\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129\n[ 5 ] CVE-2014-8130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130\n[ 6 ] CVE-2014-9330\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330\n[ 7 ] CVE-2014-9655\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655\n[ 8 ] CVE-2015-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547\n[ 9 ] CVE-2015-7313\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313\n[ 10 ] CVE-2015-7554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554\n[ 11 ] CVE-2015-8665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665\n[ 12 ] CVE-2015-8668\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668\n[ 13 ] CVE-2015-8683\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683\n[ 14 ] CVE-2015-8781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781\n[ 15 ] CVE-2015-8782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782\n[ 16 ] CVE-2015-8783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783\n[ 17 ] CVE-2015-8784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784\n[ 18 ] CVE-2016-3186\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186\n[ 19 ] CVE-2016-3619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619\n[ 20 ] CVE-2016-3620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620\n[ 21 ] CVE-2016-3621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621\n[ 22 ] CVE-2016-3622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622\n[ 23 ] CVE-2016-3623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623\n[ 24 ] CVE-2016-3624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624\n[ 25 ] CVE-2016-3625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625\n[ 26 ] CVE-2016-3631\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631\n[ 27 ] CVE-2016-3632\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632\n[ 28 ] CVE-2016-3633\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633\n[ 29 ] CVE-2016-3634\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634\n[ 30 ] CVE-2016-3658\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658\n[ 31 ] CVE-2016-3945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945\n[ 32 ] CVE-2016-3990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990\n[ 33 ] CVE-2016-3991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991\n[ 34 ] CVE-2016-5102\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102\n[ 35 ] CVE-2016-5314\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314\n[ 36 ] CVE-2016-5315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315\n[ 37 ] CVE-2016-5316\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316\n[ 38 ] CVE-2016-5317\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317\n[ 39 ] CVE-2016-5318\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318\n[ 40 ] CVE-2016-5319\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319\n[ 41 ] CVE-2016-5320\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320\n[ 42 ] CVE-2016-5321\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321\n[ 43 ] CVE-2016-5322\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322\n[ 44 ] CVE-2016-5323\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323\n[ 45 ] CVE-2016-5652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652\n[ 46 ] CVE-2016-5875\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875\n[ 47 ] CVE-2016-6223\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223\n[ 48 ] CVE-2016-8331\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331\n[ 49 ] CVE-2016-9273\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273\n[ 50 ] CVE-2016-9297\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297\n[ 51 ] CVE-2016-9318\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318\n[ 52 ] CVE-2016-9448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448\n[ 53 ] CVE-2016-9453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453\n[ 54 ] CVE-2016-9532\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--\n\n. Multiple out-of-bounds read and write flaws could cause an\napplication using the tiff library to crash. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 4.0.2-6+deb7u5. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 4.0.6-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.0.6-1. \n\nWe recommend that you upgrade your tiff packages. 6) - i386, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8784"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007063"
},
{
"db": "BID",
"id": "81696"
},
{
"db": "VULMON",
"id": "CVE-2015-8784"
},
{
"db": "PACKETSTORM",
"id": "136385"
},
{
"db": "PACKETSTORM",
"id": "138137"
},
{
"db": "PACKETSTORM",
"id": "140402"
},
{
"db": "PACKETSTORM",
"id": "135662"
},
{
"db": "PACKETSTORM",
"id": "138138"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8784",
"trust": 3.3
},
{
"db": "BID",
"id": "81696",
"trust": 2.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2016/01/24/4",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2016/01/24/8",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007063",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-074",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2015-8784",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136385",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138137",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140402",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135662",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138138",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-8784"
},
{
"db": "BID",
"id": "81696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007063"
},
{
"db": "PACKETSTORM",
"id": "136385"
},
{
"db": "PACKETSTORM",
"id": "138137"
},
{
"db": "PACKETSTORM",
"id": "140402"
},
{
"db": "PACKETSTORM",
"id": "135662"
},
{
"db": "PACKETSTORM",
"id": "138138"
},
{
"db": "NVD",
"id": "CVE-2015-8784"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
]
},
"id": "VAR-201604-0195",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44532526
},
"last_update_date": "2023-12-18T10:53:49.464000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug 2508",
"trust": 0.8,
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2508"
},
{
"title": "DSA-3467",
"trust": 0.8,
"url": "https://www.debian.org/security/2016/dsa-3467"
},
{
"title": "* libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()",
"trust": 0.8,
"url": "https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c"
},
{
"title": "Silicon Graphics LibTiff\u0027NeXTDecode()\u0027 Fixes for function denial of service vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60064"
},
{
"title": "Red Hat: CVE-2015-8784",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-8784"
},
{
"title": "Ubuntu Security Notice: tiff vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2939-1"
},
{
"title": "Debian CVElist Bug Report Logs: tiff: CVE-2015-8683: out-of-bounds read in CIE Lab image format",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=390434416e4acde3bf8b99e4da032c83"
},
{
"title": "Debian CVElist Bug Report Logs: tiff: CVE-2015-8665: out-of-bound read in tif_getimage.c",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6ec319e5239f23b8cfa3b133cf8edbf4"
},
{
"title": "Debian Security Advisories: DSA-3467-1 tiff -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a8a45052489cbaa9fb33682f27d831b9"
},
{
"title": "Amazon Linux AMI: ALAS-2016-734",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-734"
},
{
"title": "Amazon Linux AMI: ALAS-2016-733",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-733"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-8784"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007063"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007063"
},
{
"db": "NVD",
"id": "CVE-2015-8784"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2508"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/81696"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2939-1"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1547.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1546.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2016/01/24/4"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2016/01/24/8"
},
{
"trust": 1.7,
"url": "https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2016/dsa-3467"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8784"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8784"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8782"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8781"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8683"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8784"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8665"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8783"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-8784"
},
{
"trust": 0.3,
"url": "http://www.libtiff.org/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024132"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024193"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2016/q1/191"
},
{
"trust": 0.3,
"url": "https://support.f5.com/kb/en-us/solutions/public/k/89/sol89096577.html?sr=59127075"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3632"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8668"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7554"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9655"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9330"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-9330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3991"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8665"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8683"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3632"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3945"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3945"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8127"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5320"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-9655"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-5320"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3990"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3991"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8783"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8130"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-1547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3990"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-7554"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8668"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2939-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-12.3ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3625"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6223"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7313"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5319"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8127"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3634"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5321"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8783"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9655"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3633"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8782"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3632"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5875"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3622"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3631"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3624"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3623"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5314"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8331"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4243"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1547"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3631"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9330"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3620"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9453"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3620"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9273"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8129"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8128"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5316"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5652"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3621"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3186"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3623"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9448"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5315"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3186"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3622"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5102"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3658"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5323"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8130"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5322"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3625"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8665"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5318"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3619"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3633"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8668"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5320"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7313"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9532"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4243"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-8784"
},
{
"db": "BID",
"id": "81696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007063"
},
{
"db": "PACKETSTORM",
"id": "136385"
},
{
"db": "PACKETSTORM",
"id": "138137"
},
{
"db": "PACKETSTORM",
"id": "140402"
},
{
"db": "PACKETSTORM",
"id": "135662"
},
{
"db": "PACKETSTORM",
"id": "138138"
},
{
"db": "NVD",
"id": "CVE-2015-8784"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2015-8784"
},
{
"db": "BID",
"id": "81696"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007063"
},
{
"db": "PACKETSTORM",
"id": "136385"
},
{
"db": "PACKETSTORM",
"id": "138137"
},
{
"db": "PACKETSTORM",
"id": "140402"
},
{
"db": "PACKETSTORM",
"id": "135662"
},
{
"db": "PACKETSTORM",
"id": "138138"
},
{
"db": "NVD",
"id": "CVE-2015-8784"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-13T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8784"
},
{
"date": "2016-01-24T00:00:00",
"db": "BID",
"id": "81696"
},
{
"date": "2016-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007063"
},
{
"date": "2016-03-23T23:14:58",
"db": "PACKETSTORM",
"id": "136385"
},
{
"date": "2016-08-02T23:00:03",
"db": "PACKETSTORM",
"id": "138137"
},
{
"date": "2017-01-09T19:12:35",
"db": "PACKETSTORM",
"id": "140402"
},
{
"date": "2016-02-08T18:25:00",
"db": "PACKETSTORM",
"id": "135662"
},
{
"date": "2016-08-02T23:00:12",
"db": "PACKETSTORM",
"id": "138138"
},
{
"date": "2016-04-13T17:59:06.490000",
"db": "NVD",
"id": "CVE-2015-8784"
},
{
"date": "2016-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8784"
},
{
"date": "2016-12-20T01:01:00",
"db": "BID",
"id": "81696"
},
{
"date": "2016-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007063"
},
{
"date": "2019-12-31T18:56:22.940000",
"db": "NVD",
"id": "CVE-2015-8784"
},
{
"date": "2020-01-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136385"
},
{
"db": "PACKETSTORM",
"id": "138137"
},
{
"db": "PACKETSTORM",
"id": "138138"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LibTIFF of tif_next.c of NeXTDecode Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007063"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-074"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.