var-201803-0099
Vulnerability from variot
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. LibTIFF Contains a vulnerability related to division by zero.Service operation interruption (DoS) There is a possibility of being put into a state. LibTIFF is prone to a denial-of-service vulnerability. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. A denial of service vulnerability exists in Silicon Graphics LibTiff prior to 4.0.3. ============================================================================ Ubuntu Security Notice USN-2553-2 April 01, 2015
tiff regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
USN-2553-1 introduced a regression in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available.
We apologize for the inconvenience.
Original advisory details:
William Robinet discovered that LibTIFF incorrectly handled certain malformed images. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. (CVE-2014-9655)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libtiff5 4.0.3-10ubuntu0.2
Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.3
Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.8
Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.16
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 =====================================================================
- Summary:
An update for libtiff is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
-
Multiple flaws have been discovered in libtiff. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
-
Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running applications linked against libtiff must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8() 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: libtiff-4.0.3-25.el7_2.src.rpm
x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libtiff-4.0.3-25.el7_2.src.rpm
x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libtiff-4.0.3-25.el7_2.src.rpm
ppc64: libtiff-4.0.3-25.el7_2.ppc.rpm libtiff-4.0.3-25.el7_2.ppc64.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-devel-4.0.3-25.el7_2.ppc.rpm libtiff-devel-4.0.3-25.el7_2.ppc64.rpm
ppc64le: libtiff-4.0.3-25.el7_2.ppc64le.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm
s390x: libtiff-4.0.3-25.el7_2.s390.rpm libtiff-4.0.3-25.el7_2.s390x.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-devel-4.0.3-25.el7_2.s390.rpm libtiff-devel-4.0.3-25.el7_2.s390x.rpm
x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-static-4.0.3-25.el7_2.ppc.rpm libtiff-static-4.0.3-25.el7_2.ppc64.rpm libtiff-tools-4.0.3-25.el7_2.ppc64.rpm
ppc64le: libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-static-4.0.3-25.el7_2.ppc64le.rpm libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm
s390x: libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-static-4.0.3-25.el7_2.s390.rpm libtiff-static-4.0.3-25.el7_2.s390x.rpm libtiff-tools-4.0.3-25.el7_2.s390x.rpm
x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libtiff-4.0.3-25.el7_2.src.rpm
x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb H5YX3gD3gJu8C4EadiP+wtg= =Z4gh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547 http://advisories.mageia.org/MGASA-2015-0112.html
Updated Packages:
Mandriva Business Server 2/X86_64: 17de6bd824adefbdae0ff3c563d63269 mbs2/x86_64/lib64tiff5-4.0.4-0.1.mbs2.x86_64.rpm f54719a7fc450ee6d6f755276d9e2724 mbs2/x86_64/lib64tiff-devel-4.0.4-0.1.mbs2.x86_64.rpm 919f8e9c688aa4341e3e5a0beec9d845 mbs2/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs2.x86_64.rpm f144bb33e2e10f9290851a5c8154660c mbs2/x86_64/libtiff-progs-4.0.4-0.1.mbs2.x86_64.rpm 74ddb4270be8dac262dce7cb8e33f2b6 mbs2/SRPMS/libtiff-4.0.4-0.1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVGACNmqjQ0CJFipgRAqWHAKCMsgmTovS2eO9vgejrPl3VxblviwCfdmYA gzHy/Xg9PwU1pycCt9bn7Xg= =Qxp+ -----END PGP SIGNATURE----- .
Gentoo Linux Security Advisory GLSA 201701-16
https://security.gentoo.org/
Severity: Normal Title: libTIFF: Multiple vulnerabilities Date: January 09, 2017 Bugs: #484542, #534108, #538318, #561880, #572876, #585274, #585508, #599746 ID: 201701-16
Synopsis
Multiple vulnerabilities have been found in libTIFF, the worst of which may allow execution of arbitrary code. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Please review the CVE identifier and bug reports referenced for details.
Workaround
There is no known workaround at this time.
Resolution
All libTIFF users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7"
References
[ 1 ] CVE-2013-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243 [ 2 ] CVE-2014-8127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127 [ 3 ] CVE-2014-8128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128 [ 4 ] CVE-2014-8129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129 [ 5 ] CVE-2014-8130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130 [ 6 ] CVE-2014-9330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330 [ 7 ] CVE-2014-9655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655 [ 8 ] CVE-2015-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547 [ 9 ] CVE-2015-7313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313 [ 10 ] CVE-2015-7554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554 [ 11 ] CVE-2015-8665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665 [ 12 ] CVE-2015-8668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668 [ 13 ] CVE-2015-8683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683 [ 14 ] CVE-2015-8781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781 [ 15 ] CVE-2015-8782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782 [ 16 ] CVE-2015-8783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783 [ 17 ] CVE-2015-8784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784 [ 18 ] CVE-2016-3186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186 [ 19 ] CVE-2016-3619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619 [ 20 ] CVE-2016-3620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620 [ 21 ] CVE-2016-3621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621 [ 22 ] CVE-2016-3622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622 [ 23 ] CVE-2016-3623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623 [ 24 ] CVE-2016-3624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624 [ 25 ] CVE-2016-3625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625 [ 26 ] CVE-2016-3631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631 [ 27 ] CVE-2016-3632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632 [ 28 ] CVE-2016-3633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633 [ 29 ] CVE-2016-3634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634 [ 30 ] CVE-2016-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658 [ 31 ] CVE-2016-3945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945 [ 32 ] CVE-2016-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990 [ 33 ] CVE-2016-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991 [ 34 ] CVE-2016-5102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102 [ 35 ] CVE-2016-5314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314 [ 36 ] CVE-2016-5315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315 [ 37 ] CVE-2016-5316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316 [ 38 ] CVE-2016-5317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317 [ 39 ] CVE-2016-5318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318 [ 40 ] CVE-2016-5319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319 [ 41 ] CVE-2016-5320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320 [ 42 ] CVE-2016-5321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321 [ 43 ] CVE-2016-5322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322 [ 44 ] CVE-2016-5323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323 [ 45 ] CVE-2016-5652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652 [ 46 ] CVE-2016-5875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875 [ 47 ] CVE-2016-6223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223 [ 48 ] CVE-2016-8331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331 [ 49 ] CVE-2016-9273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273 [ 50 ] CVE-2016-9297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297 [ 51 ] CVE-2016-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318 [ 52 ] CVE-2016-9448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448 [ 53 ] CVE-2016-9453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453 [ 54 ] CVE-2016-9532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--
. 6) - i386, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libtiff",
"scope": "eq",
"trust": 2.1,
"vendor": "libtiff",
"version": "4.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.10.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.10.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.10.2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "mac os x",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server eus",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server tus",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "iphone"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "ipad2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "ipodtouch"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.24"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "64"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "smartcloud entry appliance fi",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.22"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.36"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.34"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.26"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "ios for developer",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "smartcloud entry appliance fi",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.4"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.21"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.3"
},
{
"model": "smartcloud entry fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.31"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "smartcloud entry appliance fi",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "72353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008536"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-711"
},
{
"db": "NVD",
"id": "CVE-2014-8130"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libtiff:libtiff:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:ipodtouch:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:iphone:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:ipad2:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8130"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "William Robinet and american fuzzy lop",
"sources": [
{
"db": "BID",
"id": "72353"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-711"
}
],
"trust": 0.9
},
"cve": "CVE-2014-8130",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-8130",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-76075",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-8130",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8130",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-711",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-76075",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-8130",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76075"
},
{
"db": "VULMON",
"id": "CVE-2014-8130"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008536"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-711"
},
{
"db": "NVD",
"id": "CVE-2014-8130"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. LibTIFF Contains a vulnerability related to division by zero.Service operation interruption (DoS) There is a possibility of being put into a state. LibTIFF is prone to a denial-of-service vulnerability. \nSuccessful exploits may allow attackers to crash the affected application, denying service to legitimate users. A denial of service vulnerability exists in Silicon Graphics LibTiff prior to 4.0.3. ============================================================================\nUbuntu Security Notice USN-2553-2\nApril 01, 2015\n\ntiff regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nUSN-2553-1 introduced a regression in LibTIFF. One of the security fixes\ncaused a regression when saving certain TIFF files with a Predictor tag. \nThe problematic patch has been temporarily backed out until a more complete\nfix is available. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n William Robinet discovered that LibTIFF incorrectly handled certain\n malformed images. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129,\n CVE-2014-8130)\n Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain\n malformed BMP images. (CVE-2014-9655)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n libtiff5 4.0.3-10ubuntu0.2\n\nUbuntu 14.04 LTS:\n libtiff5 4.0.3-7ubuntu0.3\n\nUbuntu 12.04 LTS:\n libtiff4 3.9.5-2ubuntu1.8\n\nUbuntu 10.04 LTS:\n libtiff4 3.9.2-2ubuntu0.16\n\nIn general, a standard system update will make all the necessary changes. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: libtiff security update\nAdvisory ID: RHSA-2016:1546-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html\nIssue date: 2016-08-02\nCVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 \n CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 \n CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 \n CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 \n CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 \n CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 \n CVE-2016-5320 \n=====================================================================\n\n1. Summary:\n\nAn update for libtiff is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libtiff packages contain a library of functions for manipulating Tagged\nImage File Format (TIFF) files. \n\nSecurity Fix(es):\n\n* Multiple flaws have been discovered in libtiff. (CVE-2014-9655, CVE-2015-1547,\nCVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,\nCVE-2015-8783, CVE-2016-3990, CVE-2016-5320)\n\n* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,\npal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,\ntiff2rgba). By tricking a user into processing a specially crafted file, a\nremote attacker could exploit these flaws to cause a crash or memory\ncorruption and, possibly, execute arbitrary code with the privileges of the\nuser running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,\nCVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,\nCVE-2016-3945, CVE-2016-3991)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running applications linked against libtiff must be restarted for this\nupdate to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff\n1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools\n1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf\n1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool\n1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode\n1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode\n1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags\n1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff\n1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files\n1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c\n1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion\n1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()\n1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool\n1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function\n1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8()\n1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function\n1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nppc64:\nlibtiff-4.0.3-25.el7_2.ppc.rpm\nlibtiff-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc64.rpm\n\nppc64le:\nlibtiff-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-devel-4.0.3-25.el7_2.ppc64le.rpm\n\ns390x:\nlibtiff-4.0.3-25.el7_2.s390.rpm\nlibtiff-4.0.3-25.el7_2.s390x.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm\nlibtiff-devel-4.0.3-25.el7_2.s390.rpm\nlibtiff-devel-4.0.3-25.el7_2.s390x.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc64.rpm\nlibtiff-tools-4.0.3-25.el7_2.ppc64.rpm\n\nppc64le:\nlibtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-static-4.0.3-25.el7_2.ppc64le.rpm\nlibtiff-tools-4.0.3-25.el7_2.ppc64le.rpm\n\ns390x:\nlibtiff-debuginfo-4.0.3-25.el7_2.s390.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm\nlibtiff-static-4.0.3-25.el7_2.s390.rpm\nlibtiff-static-4.0.3-25.el7_2.s390x.rpm\nlibtiff-tools-4.0.3-25.el7_2.s390x.rpm\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibtiff-4.0.3-25.el7_2.src.rpm\n\nx86_64:\nlibtiff-4.0.3-25.el7_2.i686.rpm\nlibtiff-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-devel-4.0.3-25.el7_2.i686.rpm\nlibtiff-devel-4.0.3-25.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibtiff-debuginfo-4.0.3-25.el7_2.i686.rpm\nlibtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-static-4.0.3-25.el7_2.i686.rpm\nlibtiff-static-4.0.3-25.el7_2.x86_64.rpm\nlibtiff-tools-4.0.3-25.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8127\nhttps://access.redhat.com/security/cve/CVE-2014-8129\nhttps://access.redhat.com/security/cve/CVE-2014-8130\nhttps://access.redhat.com/security/cve/CVE-2014-9330\nhttps://access.redhat.com/security/cve/CVE-2014-9655\nhttps://access.redhat.com/security/cve/CVE-2015-1547\nhttps://access.redhat.com/security/cve/CVE-2015-7554\nhttps://access.redhat.com/security/cve/CVE-2015-8665\nhttps://access.redhat.com/security/cve/CVE-2015-8668\nhttps://access.redhat.com/security/cve/CVE-2015-8683\nhttps://access.redhat.com/security/cve/CVE-2015-8781\nhttps://access.redhat.com/security/cve/CVE-2015-8782\nhttps://access.redhat.com/security/cve/CVE-2015-8783\nhttps://access.redhat.com/security/cve/CVE-2015-8784\nhttps://access.redhat.com/security/cve/CVE-2016-3632\nhttps://access.redhat.com/security/cve/CVE-2016-3945\nhttps://access.redhat.com/security/cve/CVE-2016-3990\nhttps://access.redhat.com/security/cve/CVE-2016-3991\nhttps://access.redhat.com/security/cve/CVE-2016-5320\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb\nH5YX3gD3gJu8C4EadiP+wtg=\n=Z4gh\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547\n http://advisories.mageia.org/MGASA-2015-0112.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 17de6bd824adefbdae0ff3c563d63269 mbs2/x86_64/lib64tiff5-4.0.4-0.1.mbs2.x86_64.rpm\n f54719a7fc450ee6d6f755276d9e2724 mbs2/x86_64/lib64tiff-devel-4.0.4-0.1.mbs2.x86_64.rpm\n 919f8e9c688aa4341e3e5a0beec9d845 mbs2/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs2.x86_64.rpm\n f144bb33e2e10f9290851a5c8154660c mbs2/x86_64/libtiff-progs-4.0.4-0.1.mbs2.x86_64.rpm \n 74ddb4270be8dac262dce7cb8e33f2b6 mbs2/SRPMS/libtiff-4.0.4-0.1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVGACNmqjQ0CJFipgRAqWHAKCMsgmTovS2eO9vgejrPl3VxblviwCfdmYA\ngzHy/Xg9PwU1pycCt9bn7Xg=\n=Qxp+\n-----END PGP SIGNATURE-----\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201701-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libTIFF: Multiple vulnerabilities\n Date: January 09, 2017\n Bugs: #484542, #534108, #538318, #561880, #572876, #585274,\n #585508, #599746\n ID: 201701-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libTIFF, the worst of which\nmay allow execution of arbitrary code. It is called by numerous programs, including GNOME\nand KDE applications, to interpret TIFF images. Please review\nthe CVE identifier and bug reports referenced for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libTIFF users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/tiff-4.0.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-4243\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243\n[ 2 ] CVE-2014-8127\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127\n[ 3 ] CVE-2014-8128\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128\n[ 4 ] CVE-2014-8129\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129\n[ 5 ] CVE-2014-8130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130\n[ 6 ] CVE-2014-9330\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330\n[ 7 ] CVE-2014-9655\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655\n[ 8 ] CVE-2015-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547\n[ 9 ] CVE-2015-7313\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313\n[ 10 ] CVE-2015-7554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554\n[ 11 ] CVE-2015-8665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665\n[ 12 ] CVE-2015-8668\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668\n[ 13 ] CVE-2015-8683\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683\n[ 14 ] CVE-2015-8781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781\n[ 15 ] CVE-2015-8782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782\n[ 16 ] CVE-2015-8783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783\n[ 17 ] CVE-2015-8784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784\n[ 18 ] CVE-2016-3186\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186\n[ 19 ] CVE-2016-3619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619\n[ 20 ] CVE-2016-3620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620\n[ 21 ] CVE-2016-3621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621\n[ 22 ] CVE-2016-3622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622\n[ 23 ] CVE-2016-3623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623\n[ 24 ] CVE-2016-3624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624\n[ 25 ] CVE-2016-3625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625\n[ 26 ] CVE-2016-3631\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631\n[ 27 ] CVE-2016-3632\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632\n[ 28 ] CVE-2016-3633\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633\n[ 29 ] CVE-2016-3634\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634\n[ 30 ] CVE-2016-3658\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658\n[ 31 ] CVE-2016-3945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945\n[ 32 ] CVE-2016-3990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990\n[ 33 ] CVE-2016-3991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991\n[ 34 ] CVE-2016-5102\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102\n[ 35 ] CVE-2016-5314\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314\n[ 36 ] CVE-2016-5315\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315\n[ 37 ] CVE-2016-5316\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316\n[ 38 ] CVE-2016-5317\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317\n[ 39 ] CVE-2016-5318\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318\n[ 40 ] CVE-2016-5319\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319\n[ 41 ] CVE-2016-5320\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320\n[ 42 ] CVE-2016-5321\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321\n[ 43 ] CVE-2016-5322\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322\n[ 44 ] CVE-2016-5323\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323\n[ 45 ] CVE-2016-5652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652\n[ 46 ] CVE-2016-5875\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875\n[ 47 ] CVE-2016-6223\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223\n[ 48 ] CVE-2016-8331\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331\n[ 49 ] CVE-2016-9273\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273\n[ 50 ] CVE-2016-9297\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297\n[ 51 ] CVE-2016-9318\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318\n[ 52 ] CVE-2016-9448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448\n[ 53 ] CVE-2016-9453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453\n[ 54 ] CVE-2016-9532\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka--\n\n. 6) - i386, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8130"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008536"
},
{
"db": "BID",
"id": "72353"
},
{
"db": "VULHUB",
"id": "VHN-76075"
},
{
"db": "VULMON",
"id": "CVE-2014-8130"
},
{
"db": "PACKETSTORM",
"id": "131257"
},
{
"db": "PACKETSTORM",
"id": "138137"
},
{
"db": "PACKETSTORM",
"id": "131226"
},
{
"db": "PACKETSTORM",
"id": "131177"
},
{
"db": "PACKETSTORM",
"id": "140402"
},
{
"db": "PACKETSTORM",
"id": "138138"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8130",
"trust": 3.5
},
{
"db": "BID",
"id": "72353",
"trust": 2.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/01/24/15",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1032760",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008536",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-711",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "29124",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "131257",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-76075",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-8130",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138137",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131226",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131177",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140402",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138138",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76075"
},
{
"db": "VULMON",
"id": "CVE-2014-8130"
},
{
"db": "BID",
"id": "72353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008536"
},
{
"db": "PACKETSTORM",
"id": "131257"
},
{
"db": "PACKETSTORM",
"id": "138137"
},
{
"db": "PACKETSTORM",
"id": "131226"
},
{
"db": "PACKETSTORM",
"id": "131177"
},
{
"db": "PACKETSTORM",
"id": "140402"
},
{
"db": "PACKETSTORM",
"id": "138138"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-711"
},
{
"db": "NVD",
"id": "CVE-2014-8130"
}
]
},
"id": "VAR-201803-0099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76075"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:49:16.122000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT204941",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht204941"
},
{
"title": "HT204942",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht204942"
},
{
"title": "HT204941",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht204941"
},
{
"title": "HT204942",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht204942"
},
{
"title": "* libtiff/tif_{unix,vms,win32}.c (_TIFFmalloc):",
"trust": 0.8,
"url": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543"
},
{
"title": "Bug 1185817",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817"
},
{
"title": "RHSA-2016:1546",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1546.html"
},
{
"title": "RHSA-2016:1547",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1547.html"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2014-8130"
},
{
"title": "Ubuntu Security Notice: tiff vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2553-1"
},
{
"title": "Ubuntu Security Notice: tiff regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2553-2"
},
{
"title": "Debian CVElist Bug Report Logs: tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b9d749356a17e64ae08267d2b44915c1"
},
{
"title": "Apple: OS X Yosemite v10.10.4 and Security Update 2015-005",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50398602701d671602946005c7864211"
},
{
"title": "Amazon Linux AMI: ALAS-2016-733",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-733"
},
{
"title": "Arch Linux Advisories: [ASA-201611-26] libtiff: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201611-26"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
},
{
"title": "Arch Linux Advisories: [ASA-201611-27] lib32-libtiff: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201611-27"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
},
{
"title": "afl-cve",
"trust": 0.1,
"url": "https://github.com/mrash/afl-cve "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-8130"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008536"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-369",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76075"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008536"
},
{
"db": "NVD",
"id": "CVE-2014-8130"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2483"
},
{
"trust": 2.1,
"url": "http://www.conostix.com/pub/adv/cve-2014-8130-libtiff-division_by_zero.txt"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/72353"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"trust": 1.8,
"url": "http://openwall.com/lists/oss-security/2015/01/24/15"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht204941"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht204942"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817"
},
{
"trust": 1.8,
"url": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1546.html"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1547.html"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032760"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8130"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9655"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/29124"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9330"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1547"
},
{
"trust": 0.3,
"url": "http://www.libtiff.org/"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024132"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024193"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3632"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8668"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8783"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7554"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8665"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8782"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8781"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8784"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8683"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
},
{
"trust": 0.2,
"url": "http://www.ubuntu.com/usn/usn-2553-1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-9330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3991"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8665"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8683"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3632"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3945"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3945"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8127"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8784"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5320"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-9655"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-5320"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3990"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3991"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8783"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8130"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-1547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3990"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-7554"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8668"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/369.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2014-8130"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2553-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1439186"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.3"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2553-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-10ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.15"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tiff/4.0.3-10ubuntu0.1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8127"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2015-0112.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8129"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8128"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9655"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3625"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6223"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7313"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5319"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8127"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3619"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3634"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5321"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8783"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9655"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3633"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8782"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3632"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5875"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3622"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3631"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3624"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3623"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5314"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8331"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4243"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1547"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3631"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9330"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3620"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9453"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3620"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9273"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8129"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8128"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5316"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5652"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3621"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3186"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3623"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9448"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5315"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3186"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3622"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5102"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3658"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5323"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8130"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5322"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3625"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8665"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5318"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3619"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3633"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8668"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5320"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7313"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9532"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4243"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76075"
},
{
"db": "VULMON",
"id": "CVE-2014-8130"
},
{
"db": "BID",
"id": "72353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008536"
},
{
"db": "PACKETSTORM",
"id": "131257"
},
{
"db": "PACKETSTORM",
"id": "138137"
},
{
"db": "PACKETSTORM",
"id": "131226"
},
{
"db": "PACKETSTORM",
"id": "131177"
},
{
"db": "PACKETSTORM",
"id": "140402"
},
{
"db": "PACKETSTORM",
"id": "138138"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-711"
},
{
"db": "NVD",
"id": "CVE-2014-8130"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-76075"
},
{
"db": "VULMON",
"id": "CVE-2014-8130"
},
{
"db": "BID",
"id": "72353"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008536"
},
{
"db": "PACKETSTORM",
"id": "131257"
},
{
"db": "PACKETSTORM",
"id": "138137"
},
{
"db": "PACKETSTORM",
"id": "131226"
},
{
"db": "PACKETSTORM",
"id": "131177"
},
{
"db": "PACKETSTORM",
"id": "140402"
},
{
"db": "PACKETSTORM",
"id": "138138"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-711"
},
{
"db": "NVD",
"id": "CVE-2014-8130"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-76075"
},
{
"date": "2018-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8130"
},
{
"date": "2015-01-24T00:00:00",
"db": "BID",
"id": "72353"
},
{
"date": "2018-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008536"
},
{
"date": "2015-04-02T00:39:26",
"db": "PACKETSTORM",
"id": "131257"
},
{
"date": "2016-08-02T23:00:03",
"db": "PACKETSTORM",
"id": "138137"
},
{
"date": "2015-04-01T00:37:57",
"db": "PACKETSTORM",
"id": "131226"
},
{
"date": "2015-03-30T23:09:44",
"db": "PACKETSTORM",
"id": "131177"
},
{
"date": "2017-01-09T19:12:35",
"db": "PACKETSTORM",
"id": "140402"
},
{
"date": "2016-08-02T23:00:12",
"db": "PACKETSTORM",
"id": "138138"
},
{
"date": "2015-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-711"
},
{
"date": "2018-03-12T02:29:00.307000",
"db": "NVD",
"id": "CVE-2014-8130"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-05T00:00:00",
"db": "VULHUB",
"id": "VHN-76075"
},
{
"date": "2018-04-05T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8130"
},
{
"date": "2016-09-28T01:01:00",
"db": "BID",
"id": "72353"
},
{
"date": "2018-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008536"
},
{
"date": "2018-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-711"
},
{
"date": "2018-04-05T21:07:22.410000",
"db": "NVD",
"id": "CVE-2014-8130"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "138137"
},
{
"db": "PACKETSTORM",
"id": "131226"
},
{
"db": "PACKETSTORM",
"id": "138138"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-711"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LibTIFF Vulnerable to division by zero",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008536"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-711"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.