REDHAT-BUG-1185815: Integer Overflow
First published: Mon Jan 26 2015(Updated: )
Out-of-bounds read/write was reported in tiff2pdf libtiff tool: - <a href="https://access.redhat.com/security/cve/CVE-2014-8129">CVE-2014-8129</a> libtiff: Out-of-bounds Read & Write in the tiff2pdf tool <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2487">http://bugzilla.maptools.org/show_bug.cgi?id=2487</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8129">CVE-2014-8129</a> libtiff: Out-of-bounds Read & Write in the tiff2pdf tool <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2488">http://bugzilla.maptools.org/show_bug.cgi?id=2488</a> Above upstream bugs were fixed by the below commits: 2014-12-21 Even Rouault <even.rouault> * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes <a href="http://bugzilla.maptools.org/show_bug.cgi?id=2487">http://bugzilla.maptools.org/show_bug.cgi?id=2487</a> (<a href="https://access.redhat.com/security/cve/CVE-2014-8129">CVE-2014-8129</a>) 2014-12-21 Even Rouault <even.rouault> Fix various crasher bugs on fuzzed images. * libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing the directory * libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or TransferFunction if BitsPerSample has not yet been read, otherwise reading it later will cause user code to crash if BitsPerSample > 1 * libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8 * libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images instead of imagewidth to avoid crash * tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions * tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB * tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight * tools/tiffdump.c: fix crash due to overflow of entry count.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libtiff | >=4.1.0<4.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2014-8129
- http://bugzilla.maptools.org/show_bug.cgi?id=2487
- http://bugzilla.maptools.org/show_bug.cgi?id=2488
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778923
- https://rhn.redhat.com/errata/RHSA-2016-1547.html
- https://rhn.redhat.com/errata/RHSA-2016-1546.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1185815
Frequently Asked Questions
What is the severity of REDHAT-BUG-1185815?
The severity of REDHAT-BUG-1185815 is classified as a critical vulnerability due to the potential for an out-of-bounds read/write in the libtiff tool.
How do I fix REDHAT-BUG-1185815?
To fix REDHAT-BUG-1185815, update the libtiff package to version 4.3.0 or higher.
Which software is affected by REDHAT-BUG-1185815?
REDHAT-BUG-1185815 affects the libtiff software, specifically versions between 4.1.0 and 4.3.0.
What does the vulnerability REDHAT-BUG-1185815 exploit?
The vulnerability REDHAT-BUG-1185815 exploits an out-of-bounds read/write condition in the tiff2pdf tool.
Has REDHAT-BUG-1185815 been addressed in any security updates?
Yes, REDHAT-BUG-1185815 has been addressed in subsequent security updates for the libtiff library.
- agent/type
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-8129
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/libtiff
- canonical/libtiff