Vulnerabilities > CVE-2014-8128 - Out-of-bounds Write vulnerability in Libtiff
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-221.NASL description Several vulnerabilities have been discovered in the LibTIFF library and utilities for the Tag Image File Format. These could lead to a denial of service, information disclosure or privilege escalation. CVE-2014-8128 William Robinet discovered that out-of-bounds writes are triggered in several of the LibTIFF utilities when processing crafted TIFF files. Other applications using LibTIFF are also likely to be affected in the same way. CVE-2014-8129 William Robinet discovered that out-of-bounds reads and writes are triggered in tiff2pdf when processing crafted TIFF files. Other applications using LibTIFF are also likely to be affected in the same way. CVE-2014-9330 Paris Zoumpouloglou discovered that out-of-bounds reads and writes are triggered in bmp2tiff when processing crafted BMP files. CVE-2014-9655 Michal Zalewski discovered that out-of-bounds reads and writes are triggered in LibTIFF when processing crafted TIFF files. For the oldoldstable distribution (squeeze), these problems have been fixed in version 3.9.4-5+squeeze12. For the oldstable distribution (wheezy), these problems will be fixed soon. The stable distribution (jessie) was not affected by these problems as they were fixed before release. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-05-18 plugin id 83499 published 2015-05-18 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83499 title Debian DLA-221-1 : tiff security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-221-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(83499); script_version("2.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-8128", "CVE-2014-8129", "CVE-2014-9330", "CVE-2014-9655"); script_bugtraq_id(71789, 72326, 72352, 73441); script_name(english:"Debian DLA-221-1 : tiff security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the LibTIFF library and utilities for the Tag Image File Format. These could lead to a denial of service, information disclosure or privilege escalation. CVE-2014-8128 William Robinet discovered that out-of-bounds writes are triggered in several of the LibTIFF utilities when processing crafted TIFF files. Other applications using LibTIFF are also likely to be affected in the same way. CVE-2014-8129 William Robinet discovered that out-of-bounds reads and writes are triggered in tiff2pdf when processing crafted TIFF files. Other applications using LibTIFF are also likely to be affected in the same way. CVE-2014-9330 Paris Zoumpouloglou discovered that out-of-bounds reads and writes are triggered in bmp2tiff when processing crafted BMP files. CVE-2014-9655 Michal Zalewski discovered that out-of-bounds reads and writes are triggered in LibTIFF when processing crafted TIFF files. For the oldoldstable distribution (squeeze), these problems have been fixed in version 3.9.4-5+squeeze12. For the oldstable distribution (wheezy), these problems will be fixed soon. The stable distribution (jessie) was not affected by these problems as they were fixed before release. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/05/msg00005.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/tiff" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff-opengl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiff4-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtiffxx0c2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/05/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"libtiff-doc", reference:"3.9.4-5+squeeze12")) flag++; if (deb_check(release:"6.0", prefix:"libtiff-opengl", reference:"3.9.4-5+squeeze12")) flag++; if (deb_check(release:"6.0", prefix:"libtiff-tools", reference:"3.9.4-5+squeeze12")) flag++; if (deb_check(release:"6.0", prefix:"libtiff4", reference:"3.9.4-5+squeeze12")) flag++; if (deb_check(release:"6.0", prefix:"libtiff4-dev", reference:"3.9.4-5+squeeze12")) flag++; if (deb_check(release:"6.0", prefix:"libtiffxx0c2", reference:"3.9.4-5+squeeze12")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-31.NASL description This update for tiff to version 4.0.9 fixes the following issues : Security issues fixed : - CVE-2014-8128: Fix out-of-bounds read with malformed TIFF image in multiple tools (bsc#969783). - CVE-2015-7554: Fix invalid write in tiffsplit / _TIFFVGetField (bsc#960341). - CVE-2016-10095: Fix stack-based buffer overflow in _TIFFVGetField (tif_dir.c) (bsc#1017690). - CVE-2016-5318: Fix stackoverflow in thumbnail (bsc#983436). - CVE-2017-16232: Fix memory-based DoS in tiff2bw (bsc#1069213). This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2018-01-16 plugin id 106060 published 2018-01-16 reporter This script is Copyright (C) 2018-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/106060 title openSUSE Security Update : tiff (openSUSE-2018-31) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-31. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(106060); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-8128", "CVE-2015-7554", "CVE-2016-10095", "CVE-2016-5318", "CVE-2017-16232"); script_name(english:"openSUSE Security Update : tiff (openSUSE-2018-31)"); script_summary(english:"Check for the openSUSE-2018-31 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for tiff to version 4.0.9 fixes the following issues : Security issues fixed : - CVE-2014-8128: Fix out-of-bounds read with malformed TIFF image in multiple tools (bsc#969783). - CVE-2015-7554: Fix invalid write in tiffsplit / _TIFFVGetField (bsc#960341). - CVE-2016-10095: Fix stack-based buffer overflow in _TIFFVGetField (tif_dir.c) (bsc#1017690). - CVE-2016-5318: Fix stackoverflow in thumbnail (bsc#983436). - CVE-2017-16232: Fix memory-based DoS in tiff2bw (bsc#1069213). This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1017690" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1069213" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=960341" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=969783" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=983436" ); script_set_attribute(attribute:"solution", value:"Update the affected tiff packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"libtiff-devel-4.0.9-17.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libtiff5-4.0.9-17.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libtiff5-debuginfo-4.0.9-17.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"tiff-4.0.9-17.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"tiff-debuginfo-4.0.9-17.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"tiff-debugsource-4.0.9-17.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libtiff-devel-32bit-4.0.9-17.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libtiff5-32bit-4.0.9-17.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libtiff5-debuginfo-32bit-4.0.9-17.9.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libtiff-devel-4.0.9-24.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libtiff5-4.0.9-24.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libtiff5-debuginfo-4.0.9-24.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"tiff-4.0.9-24.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"tiff-debuginfo-4.0.9-24.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"tiff-debugsource-4.0.9-24.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libtiff-devel-32bit-4.0.9-24.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libtiff5-32bit-4.0.9-24.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libtiff5-debuginfo-32bit-4.0.9-24.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff-devel-32bit / libtiff-devel / libtiff5-32bit / libtiff5 / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1835-1.NASL description This update for tiff fixes the following security issues : - CVE-2017-5225: Prevent heap buffer overflow in the tools/tiffcp that could have caused DoS or code execution via a crafted BitsPerSample value (bsc#1019611) - CVE-2018-7456: Prevent a NULL pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825) - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332) - CVE-2016-10266: Prevent remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22 (bsc#1031263) - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408) - CVE-2016-9540: Prevent out-of-bounds write on tiled images with odd tile width versus image width (bsc#1011839). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846). - Removed assert in readSeparateTilesIntoBuffer() function (bsc#1017689). - CVE-2016-10095: Prevent stack-based buffer overflow in the _TIFFVGetField function that allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690). - CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have lead to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been be triggered via a TIFF file delivered to the application using LibTIFF last seen 2020-06-01 modified 2020-06-02 plugin id 110803 published 2018-06-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110803 title SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1835-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0073-1.NASL description This update for tiff to version 4.0.9 fixes the following issues: Security issues fixed : - CVE-2014-8128: Fix out-of-bounds read with malformed TIFF image in multiple tools (bsc#969783). - CVE-2015-7554: Fix invalid write in tiffsplit / _TIFFVGetField (bsc#960341). - CVE-2016-10095: Fix stack-based buffer overflow in _TIFFVGetField (tif_dir.c) (bsc#1017690). - CVE-2016-5318: Fix stackoverflow in thumbnail (bsc#983436). - CVE-2017-16232: Fix memory-based DoS in tiff2bw (bsc#1069213). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 106043 published 2018-01-15 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106043 title SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:0073-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3273.NASL description William Robinet and Michal Zalewski discovered multiple vulnerabilities in the TIFF library and its tools, which may result in denial of service or the execution of arbitrary code if a malformed TIFF file is processed. last seen 2020-06-01 modified 2020-06-02 plugin id 83820 published 2015-05-27 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83820 title Debian DSA-3273-1 : tiff - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1475-1.NASL description LibTiff was updated to the 4.0.4 stable release fixing various security issues and bugs. These security issues were fixed : - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85762 published 2015-09-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85762 title SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2015:1475-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-610.NASL description Version 3.9.6-11+deb7u1 and 3.9.6-11+deb7u2 introduced changes that resulted in libtiff writing out invalid tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image. For Debian 7 last seen 2020-03-17 modified 2016-09-06 plugin id 93322 published 2016-09-06 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93322 title Debian DLA-610-2 : tiff3 regression update NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-207.NASL description LibTIFF was updated fix various security issues that could lead to crashes of the image decoder. (CVE-2014-9655, CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-1547) last seen 2020-06-05 modified 2015-03-10 plugin id 81719 published 2015-03-10 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81719 title openSUSE Security Update : tiff (openSUSE-2015-207) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2017-324-01.NASL description New libtiff packages are available for Slackware 14.2 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 104702 published 2017-11-21 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104702 title Slackware 14.2 / current : libtiff (SSA:2017-324-01) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1420-1.NASL description tiff was updated to fix six security issues found by fuzzing initiatives. These security issues were fixed : - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85597 published 2015-08-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85597 title SUSE SLED11 / SLES11 Security Update : tiff (SUSE-SU-2015:1420-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-147.NASL description Updated libtiff packages fix security vulnerabilities : The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547). last seen 2020-06-01 modified 2020-06-02 plugin id 82400 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82400 title Mandriva Linux Security Advisory : libtiff (MDVSA-2015:147-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2553-2.NASL description USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for the inconvenience. William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. (CVE-2014-9330) Michal Zalewski discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-9655). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 82525 published 2015-04-02 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82525 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : tiff regression (USN-2553-2) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-476.NASL description tiff was updated to version 4.0.4 to fix six security issues found by fuzzing initiatives. These security issues were fixed : - CVE-2014-8127: Out-of-bounds write (bnc#914890). - CVE-2014-9655: Access of uninitialized memory (bnc#916927). - CVE-2014-8130: Out-of-bounds write (bnc#914890). - CVE-2015-1547: Use of uninitialized memory in NeXTDecode (bnc#916925). - CVE-2014-8129: Out-of-bounds write (bnc#914890). - CVE-2014-8128: Out-of-bounds write (bnc#914890). last seen 2020-06-05 modified 2015-07-13 plugin id 84655 published 2015-07-13 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84655 title openSUSE Security Update : tiff (openSUSE-2015-476) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2553-1.NASL description William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. (CVE-2014-9330) Michal Zalewski discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-9655). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 82497 published 2015-04-01 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82497 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : tiff vulnerabilities (USN-2553-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-693.NASL description Version 4.0.2-6+deb7u7 introduced changes that resulted in libtiff being unable to write out tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image. This problem manifested itself with errors like those: $ tiffcp -r 16 -c jpeg sample.tif out.tif _TIFFVGetField: out.tif: Invalid tag last seen 2020-03-17 modified 2016-11-03 plugin id 94474 published 2016-11-03 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94474 title Debian DLA-693-2 : tiff regression update NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-16.NASL description The remote host is affected by the vulnerability described in GLSA-201701-16 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifier and bug reports referenced for details. Impact : A remote attacker could entice a user to process a specially crafted image file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96373 published 2017-01-10 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96373 title GLSA-201701-16 : libTIFF: Multiple vulnerabilities
References
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://openwall.com/lists/oss-security/2015/01/24/15
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1185812