CVE-2014-8129

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

Published: Mar 12, 2018
Updated: Apr 13, 2023
CVE: CVE-2014-8129
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
libtiff / libtiff	4.0.3	4.0.3.x
debian / debian_linux	7.0	7.0.x
redhat / enterprise_linux_server_aus	7.2	7.2.x
redhat / enterprise_linux_server_tus	7.2	7.2.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_server_eus	7.2	7.2.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_server_tus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.3	7.3.x
redhat / enterprise_linux_server_eus	7.4	7.4.x
apple / mac_os_x	10.10.0	10.10.0.x
apple / mac_os_x	10.10.1	10.10.1.x
apple / mac_os_x	10.9.5	10.9.5.x
apple / mac_os_x	10.10.3	10.10.3.x
apple / mac_os_x	10.10.2	10.10.2.x
apple / mac_os_x	10.8.5	10.8.5.x

Vulnerability Database

289,599

CVE-2014-8129