CVE-2014-8127

CVE Details

Release Date:2014-12-07

Description


LibTIFF 4.0.3 allows remote attackers to cause a denial of service(out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.

See more information about CVE-2014-8127 from MITRE CVE dictionary and NIST NVD


CVSS v2.0 metrics


NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 3.6 Base Metrics: AV:L/AC:L/Au:N/C:P/I:N/A:P
Access Vector: Local network Attack Complexity: Low
Authentication: None required Confidentiality Impact: Partial
Integrity Impact: None Availability Impact: Partial

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (libtiff)ELSA-2016-15472016-08-02
Oracle Linux version 7 (libtiff)ELSA-2016-15462016-08-02
Oracle VM version 3.3 (libtiff)OVMSA-2016-00932016-08-02
Oracle VM version 3.4 (libtiff)OVMSA-2016-00932016-08-02



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete