[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-8130Date: (C)2018-04-06   (M)2024-04-19


The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.5CVSS Score : 4.3
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
SECTRACK-1032760
BID-72353
APPLE-SA-2015-06-30-1
APPLE-SA-2015-06-30-2
GLSA-201701-16
RHSA-2016:1546
RHSA-2016:1547
http://openwall.com/lists/oss-security/2015/01/24/15
http://bugzilla.maptools.org/show_bug.cgi?id=2483
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942
http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1185817
https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543

CPE    13
cpe:/o:apple:mac_os_x:10.8.5
cpe:/a:libtiff:libtiff:4.0.3
cpe:/o:apple:mac_os_x:10.9.5
cpe:/o:redhat:enterprise_linux_server:6.0
...
CWE    1
CWE-369
OVAL    15
oval:org.secpod.oval:def:25258
oval:org.secpod.oval:def:24753
oval:org.secpod.oval:def:702486
oval:org.secpod.oval:def:25312
...

© SecPod Technologies