U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2014-8127

Change History

CVE Modified by Red Hat, Inc. 2/02/2023 11:16:38 AM

Action Type Old Value New Value
Added CVSS V2

								
							
							
						
Red Hat, Inc. (AV:L/AC:L/Au:N/C:P/I:N/A:P)
Added CVSS V3

								
							
							
						
Red Hat, Inc. AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Changed Description
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2016:1546 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2016:1547 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/security/cve/CVE-2014-8127 [No Types Assigned]
Added Reference

								
							
							
						
https://bugzilla.redhat.com/show_bug.cgi?id=1185805 [No Types Assigned]