CVE-2014-8129

Summary

CVE	CVE-2014-8129
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-03-12 02:29:00 UTC
Updated	2023-02-13 00:43:00 UTC
Description	LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Iphone Os	-	All	All	All
Operating System	Apple	Iphone Os	-	All	All	All
Operating System	Apple	Iphone Os	-	All	All	All
Operating System	Apple	Iphone Os	-	All	All	All
Operating System	Apple	Iphone Os	-	All	All	All
Operating System	Apple	Iphone Os	-	All	All	All
Operating System	Apple	Mac Os X	10.10.0	All	All	All
Operating System	Apple	Mac Os X	10.10.1	All	All	All
Operating System	Apple	Mac Os X	10.10.2	All	All	All
Operating System	Apple	Mac Os X	10.10.3	All	All	All
Operating System	Apple	Mac Os X	10.8.5	All	All	All
Operating System	Apple	Mac Os X	10.9.5	All	All	All
Operating System	Apple	Mac Os X	10.10.0	All	All	All
Operating System	Apple	Mac Os X	10.10.1	All	All	All
Operating System	Apple	Mac Os X	10.10.2	All	All	All
Operating System	Apple	Mac Os X	10.10.3	All	All	All
Operating System	Apple	Mac Os X	10.8.5	All	All	All
Operating System	Apple	Mac Os X	10.9.5	All	All	All
Operating System	Debian	Debian Linux	7.0	All	All	All
Operating System	Debian	Debian Linux	7.0	All	All	All
Application	Libtiff	Libtiff	4.0.3	All	All	All
Application	Libtiff	Libtiff	4.0.3	All	All	All
Operating System	Redhat	Enterprise Linux Server	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.3	All	All	All

References

Reference	Source	Link	Tags
About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 - Apple Support	CONFIRM	support.apple.com	Third Party Advisory
APPLE-SA-2015-06-30-1 iOS 8.4	APPLE	lists.apple.com	Mailing List
LibTIFF CVE-2014-8129 Out of Bounds Read and Write Multiple Remote Denial of Service Vulnerabilities	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Bug 2487 – CVE-2014-8129 libtiff: Out-of-bounds Read & Write in the tiff2pdf tool	MISC	bugzilla.maptools.org	Exploit, Issue Tracking
Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
libTIFF: Multiple vulnerabilities (GLSA 201701-16) — Gentoo Security	GENTOO	security.gentoo.org	Third Party Advisory
oss-security - Multiple vulnerabilities in LibTIFF and associated tools	MLIST	openwall.com	Mailing List
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005	APPLE	lists.apple.com	Mailing List
Red Hat Customer Portal	REDHAT	rhn.redhat.com	Third Party Advisory
Bug 2488 – CVE-2014-8129 libtiff: Out-of-bounds Read & Write in the tiff2pdf tool	MISC	bugzilla.maptools.org	Exploit, Issue Tracking
1185815 – (CVE-2014-8129) CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf	CONFIRM	bugzilla.redhat.com	Issue Tracking, Patch
Red Hat Customer Portal	MISC	access.redhat.com
About the security content of iOS 8.4 - Apple Support	CONFIRM	support.apple.com	Third Party Advisory
Red Hat Customer Portal	REDHAT	rhn.redhat.com	Third Party Advisory
Red Hat Customer Portal	MISC	access.redhat.com
CVE-2014-8129 - Red Hat Customer Portal	MISC	access.redhat.com
www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt	MISC	www.conostix.com	Third Party Advisory
Debian -- Security Information -- DSA-3273-1 tiff	DEBIAN	www.debian.org	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

710479 Gentoo Linux libTIFF Multiple Vulnerabilities (GLSA 201701-16)