REDHAT-BUG-1185812: Integer Overflow
First published: Mon Jan 26 2015(Updated: )
Multiple out-of-bounds writes were reported in various libtiff tools: - <a href="https://access.redhat.com/security/cve/CVE-2014-8128">CVE-2014-8128</a> libtiff: Out-of-bounds Write in the thumbnail tool <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2489">http://bugzilla.maptools.org/show_bug.cgi?id=2489</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8128">CVE-2014-8128</a> libtiff: Out-of-bounds Write in the tiffdither tool <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2490">http://bugzilla.maptools.org/show_bug.cgi?id=2490</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8128">CVE-2014-8128</a> libtiff: Out-of-bounds Write in the tiffdither tool <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2491">http://bugzilla.maptools.org/show_bug.cgi?id=2491</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8128">CVE-2014-8128</a> libtiff: Out-of-bounds Write in the tiffdither tool <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2492">http://bugzilla.maptools.org/show_bug.cgi?id=2492</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8128">CVE-2014-8128</a> libtiff: Out-of-bounds Write in the thumbnail and tiffcmp tools <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2493">http://bugzilla.maptools.org/show_bug.cgi?id=2493</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8128">CVE-2014-8128</a> libtiff: Out-of-bounds Write in the tiff2pdf tool <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2495">http://bugzilla.maptools.org/show_bug.cgi?id=2495</a> Above upstream bugs were fixed by the below commits: 2014-12-21 Even Rouault <even.rouault> * tools/thumbnail.c: fix out-of-buffer write <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2489">http://bugzilla.maptools.org/show_bug.cgi?id=2489</a> (<a href="https://access.redhat.com/security/cve/CVE-2014-8128">CVE-2014-8128</a>) 2014-12-21 Even Rouault <even.rouault> * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2487">http://bugzilla.maptools.org/show_bug.cgi?id=2487</a> (<a href="https://access.redhat.com/security/cve/CVE-2014-8129">CVE-2014-8129</a>) 2014-12-21 Even Rouault <even.rouault> * tools/thumbnail.c, tools/tiffcmp.c: only read/write TIFFTAG_GROUP3OPTIONS or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or COMPRESSION_CCITTFAX4 <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2493">http://bugzilla.maptools.org/show_bug.cgi?id=2493</a> (<a href="https://access.redhat.com/security/cve/CVE-2014-8128">CVE-2014-8128</a>) 2014-12-21 Even Rouault <even.rouault> Fix various crasher bugs on fuzzed images. * libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing the directory * libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or TransferFunction if BitsPerSample has not yet been read, otherwise reading it later will cause user code to crash if BitsPerSample > 1 * libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8 * libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images instead of imagewidth to avoid crash * tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions * tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB * tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight * tools/tiffdump.c: fix crash due to overflow of entry count. 2014-12-21 Even Rouault <even.rouault> * tools/tiff2pdf.c: check return code of TIFFGetField() when reading TIFFTAG_SAMPLESPERPIXEL The below bugs are not yet fixed: - <a href="https://access.redhat.com/security/cve/CVE-2014-8128">CVE-2014-8128</a> libtiff: Out-of-bounds Write in the thumbnail and tiffcmp tools <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2499">http://bugzilla.maptools.org/show_bug.cgi?id=2499</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8128">CVE-2014-8128</a> libtiff: Out-of-bounds Writes in the tiffdither tool <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2501">http://bugzilla.maptools.org/show_bug.cgi?id=2501</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libtiff |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2014-8128
- http://bugzilla.maptools.org/show_bug.cgi?id=2489
- http://bugzilla.maptools.org/show_bug.cgi?id=2490
- http://bugzilla.maptools.org/show_bug.cgi?id=2491
- http://bugzilla.maptools.org/show_bug.cgi?id=2492
- http://bugzilla.maptools.org/show_bug.cgi?id=2493
- http://bugzilla.maptools.org/show_bug.cgi?id=2495
- http://bugzilla.maptools.org/show_bug.cgi?id=2487
- https://access.redhat.com/security/cve/CVE-2014-8129
- http://bugzilla.maptools.org/show_bug.cgi?id=2499
- http://bugzilla.maptools.org/show_bug.cgi?id=2501
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778923
- https://access.redhat.com/security/updates/classification/
- https://bugzilla.redhat.com/show_bug.cgi?id=1185812
Frequently Asked Questions
What is the severity of REDHAT-BUG-1185812?
The severity of REDHAT-BUG-1185812 is categorized as high due to the potential for multiple out-of-bounds write vulnerabilities.
How do I fix REDHAT-BUG-1185812?
To fix REDHAT-BUG-1185812, you should update to the latest patched version of libtiff that addresses the reported vulnerabilities.
Which libtiff tools are affected by REDHAT-BUG-1185812?
REDHAT-BUG-1185812 affects multiple tools within the libtiff suite, particularly those that handle thumbnails.
What are out-of-bounds writes in REDHAT-BUG-1185812?
Out-of-bounds writes in REDHAT-BUG-1185812 refer to vulnerabilities where the software writes data outside the allocated memory space, potentially leading to crashes or arbitrary code execution.
How can I determine if my system is vulnerable to REDHAT-BUG-1185812?
You can determine if your system is vulnerable to REDHAT-BUG-1185812 by checking the version of libtiff installed and comparing it against the fixed versions provided by the vendor.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-8128
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/libtiff
- canonical/libtiff