LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
{
  "availability": "No subscription required",
  "ubuntu_priority": "medium",
  "binaries": [
    { "binary_version": "4.0.3-7ubuntu0.2", "binary_name": "libtiff-doc" },
    { "binary_version": "4.0.3-7ubuntu0.2", "binary_name": "libtiff-opengl" },
    { "binary_version": "4.0.3-7ubuntu0.2", "binary_name": "libtiff-tools" },
    { "binary_version": "4.0.3-7ubuntu0.2", "binary_name": "libtiff4-dev" },
    { "binary_version": "4.0.3-7ubuntu0.2", "binary_name": "libtiff5" },
    { "binary_version": "4.0.3-7ubuntu0.2", "binary_name": "libtiff5-alt-dev" },
    { "binary_version": "4.0.3-7ubuntu0.2", "binary_name": "libtiff5-dev" },
    { "binary_version": "4.0.3-7ubuntu0.2", "binary_name": "libtiffxx5" }
  ]
}