CVE-2014-8128MEDIUM
Description
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
References
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://openwall.com/lists/oss-security/2015/01/24/15
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942
http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
Details
Source: MITRE
Published: 2020-02-12
Updated: 2020-02-14
Type: CWE-787
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
AND
OR
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 110803 | SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1835-1) | Nessus | SuSE Local Security Checks | high |
| 106060 | openSUSE Security Update : tiff (openSUSE-2018-31) | Nessus | SuSE Local Security Checks | high |
| 106043 | SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:0073-1) | Nessus | SuSE Local Security Checks | high |
| 104702 | Slackware 14.2 / current : libtiff (SSA:2017-324-01) | Nessus | Slackware Local Security Checks | medium |
| 96373 | GLSA-201701-16 : libTIFF: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 94474 | Debian DLA-693-2 : tiff regression update | Nessus | Debian Local Security Checks | high |
| 93322 | Debian DLA-610-2 : tiff3 regression update | Nessus | Debian Local Security Checks | high |
| 8977 | Apple iOS < 8.4 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | high |
| 8801 | Mac OS X < 10.10.4 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | high |
| 85762 | SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2015:1475-1) | Nessus | SuSE Local Security Checks | medium |
| 85597 | SUSE SLED11 / SLES11 Security Update : tiff (SUSE-SU-2015:1420-1) | Nessus | SuSE Local Security Checks | medium |
| 84655 | openSUSE Security Update : tiff (openSUSE-2015-476) | Nessus | SuSE Local Security Checks | medium |
| 84490 | Apple iOS < 8.4 Multiple Vulnerabilities (Logjam) | Nessus | Mobile Devices | high |
| 83820 | Debian DSA-3273-1 : tiff - security update | Nessus | Debian Local Security Checks | medium |
| 83499 | Debian DLA-221-1 : tiff security update | Nessus | Debian Local Security Checks | medium |
| 82525 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : tiff regression (USN-2553-2) | Nessus | Ubuntu Local Security Checks | medium |
| 82497 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : tiff vulnerabilities (USN-2553-1) | Nessus | Ubuntu Local Security Checks | medium |
| 82400 | Mandriva Linux Security Advisory : libtiff (MDVSA-2015:147-1) | Nessus | Mandriva Local Security Checks | medium |
| 81719 | openSUSE Security Update : tiff (openSUSE-2015-207) | Nessus | SuSE Local Security Checks | medium |