CVE-2014-8130

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

Published: Mar 12, 2018
Updated: Nov 9, 2025
CVE: CVE-2014-8130
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-369

Affected Software
References

Software	From	Fixed in
libtiff / libtiff	4.0.3	4.0.3.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_server_aus	7.2	7.2.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server_tus	7.2	7.2.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_server_eus	7.2	7.2.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_server_tus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.3	7.3.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.3	7.3.x
redhat / enterprise_linux_server_eus	7.4	7.4.x
apple / mac_os_x	10.10.0	10.10.0.x
apple / mac_os_x	10.10.1	10.10.1.x
apple / mac_os_x	10.9.5	10.9.5.x
apple / mac_os_x	10.10.3	10.10.3.x
apple / mac_os_x	10.10.2	10.10.2.x
apple / mac_os_x	10.8.5	10.8.5.x
apple / iphone_os	-	-

Vulnerability Database

313,664

CVE-2014-8130

Deep Security Visibility Without the Complexity