Details of VAR-201803-0099

ID

VAR-201803-0099

CVE

CVE-2014-8130

TITLE

LibTIFF Vulnerable to division by zero

Trust: 0.8

sources: JVNDB: JVNDB-2014-008536

DESCRIPTION

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. LibTIFF Contains a vulnerability related to division by zero.Service operation interruption (DoS) There is a possibility of being put into a state. LibTIFF is prone to a denial-of-service vulnerability. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. A denial of service vulnerability exists in Silicon Graphics LibTiff prior to 4.0.3. ============================================================================ Ubuntu Security Notice USN-2553-2 April 01, 2015 tiff regression ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: USN-2553-1 introduced a regression in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for the inconvenience. Original advisory details: William Robinet discovered that LibTIFF incorrectly handled certain malformed images. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. (CVE-2014-9655) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libtiff5 4.0.3-10ubuntu0.2 Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.3 Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.8 Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.16 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 ===================================================================== 1. Summary: An update for libtiff is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * Multiple flaws have been discovered in libtiff. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320) * Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running applications linked against libtiff must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8() 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm ppc64: libtiff-4.0.3-25.el7_2.ppc.rpm libtiff-4.0.3-25.el7_2.ppc64.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-devel-4.0.3-25.el7_2.ppc.rpm libtiff-devel-4.0.3-25.el7_2.ppc64.rpm ppc64le: libtiff-4.0.3-25.el7_2.ppc64le.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm s390x: libtiff-4.0.3-25.el7_2.s390.rpm libtiff-4.0.3-25.el7_2.s390x.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-devel-4.0.3-25.el7_2.s390.rpm libtiff-devel-4.0.3-25.el7_2.s390x.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-static-4.0.3-25.el7_2.ppc.rpm libtiff-static-4.0.3-25.el7_2.ppc64.rpm libtiff-tools-4.0.3-25.el7_2.ppc64.rpm ppc64le: libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-static-4.0.3-25.el7_2.ppc64le.rpm libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm s390x: libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-static-4.0.3-25.el7_2.s390.rpm libtiff-static-4.0.3-25.el7_2.s390x.rpm libtiff-tools-4.0.3-25.el7_2.s390x.rpm x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb H5YX3gD3gJu8C4EadiP+wtg= =Z4gh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547 http://advisories.mageia.org/MGASA-2015-0112.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 17de6bd824adefbdae0ff3c563d63269 mbs2/x86_64/lib64tiff5-4.0.4-0.1.mbs2.x86_64.rpm f54719a7fc450ee6d6f755276d9e2724 mbs2/x86_64/lib64tiff-devel-4.0.4-0.1.mbs2.x86_64.rpm 919f8e9c688aa4341e3e5a0beec9d845 mbs2/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs2.x86_64.rpm f144bb33e2e10f9290851a5c8154660c mbs2/x86_64/libtiff-progs-4.0.4-0.1.mbs2.x86_64.rpm 74ddb4270be8dac262dce7cb8e33f2b6 mbs2/SRPMS/libtiff-4.0.4-0.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVGACNmqjQ0CJFipgRAqWHAKCMsgmTovS2eO9vgejrPl3VxblviwCfdmYA gzHy/Xg9PwU1pycCt9bn7Xg= =Qxp+ -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libTIFF: Multiple vulnerabilities Date: January 09, 2017 Bugs: #484542, #534108, #538318, #561880, #572876, #585274, #585508, #599746 ID: 201701-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libTIFF, the worst of which may allow execution of arbitrary code. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Please review the CVE identifier and bug reports referenced for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libTIFF users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7" References ========== [ 1 ] CVE-2013-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243 [ 2 ] CVE-2014-8127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127 [ 3 ] CVE-2014-8128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128 [ 4 ] CVE-2014-8129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129 [ 5 ] CVE-2014-8130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130 [ 6 ] CVE-2014-9330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330 [ 7 ] CVE-2014-9655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655 [ 8 ] CVE-2015-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547 [ 9 ] CVE-2015-7313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313 [ 10 ] CVE-2015-7554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554 [ 11 ] CVE-2015-8665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665 [ 12 ] CVE-2015-8668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668 [ 13 ] CVE-2015-8683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683 [ 14 ] CVE-2015-8781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781 [ 15 ] CVE-2015-8782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782 [ 16 ] CVE-2015-8783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783 [ 17 ] CVE-2015-8784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784 [ 18 ] CVE-2016-3186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186 [ 19 ] CVE-2016-3619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619 [ 20 ] CVE-2016-3620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620 [ 21 ] CVE-2016-3621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621 [ 22 ] CVE-2016-3622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622 [ 23 ] CVE-2016-3623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623 [ 24 ] CVE-2016-3624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624 [ 25 ] CVE-2016-3625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625 [ 26 ] CVE-2016-3631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631 [ 27 ] CVE-2016-3632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632 [ 28 ] CVE-2016-3633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633 [ 29 ] CVE-2016-3634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634 [ 30 ] CVE-2016-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658 [ 31 ] CVE-2016-3945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945 [ 32 ] CVE-2016-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990 [ 33 ] CVE-2016-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991 [ 34 ] CVE-2016-5102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102 [ 35 ] CVE-2016-5314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314 [ 36 ] CVE-2016-5315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315 [ 37 ] CVE-2016-5316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316 [ 38 ] CVE-2016-5317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317 [ 39 ] CVE-2016-5318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318 [ 40 ] CVE-2016-5319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319 [ 41 ] CVE-2016-5320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320 [ 42 ] CVE-2016-5321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321 [ 43 ] CVE-2016-5322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322 [ 44 ] CVE-2016-5323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323 [ 45 ] CVE-2016-5652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652 [ 46 ] CVE-2016-5875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875 [ 47 ] CVE-2016-6223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223 [ 48 ] CVE-2016-8331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331 [ 49 ] CVE-2016-9273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273 [ 50 ] CVE-2016-9297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297 [ 51 ] CVE-2016-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318 [ 52 ] CVE-2016-9448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448 [ 53 ] CVE-2016-9453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453 [ 54 ] CVE-2016-9532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka-- . 6) - i386, x86_64 3

Trust: 2.61

sources: NVD: CVE-2014-8130 // JVNDB: JVNDB-2014-008536 // BID: 72353 // VULHUB: VHN-76075 // VULMON: CVE-2014-8130 // PACKETSTORM: 131257 // PACKETSTORM: 138137 // PACKETSTORM: 131226 // PACKETSTORM: 131177 // PACKETSTORM: 140402 // PACKETSTORM: 138138

AFFECTED PRODUCTS

vendor:	libtiff	model:	libtiff	scope:	eq	version:	4.0.3	Trust: 2.1
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.2	Trust: 1.6
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	*	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux server aus	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux server eus	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux server tus	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	iphone	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	ipad2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	ipodtouch	Trust: 0.6
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.3.0	Trust: 0.3
vendor:	oracle	model:	vm server for	scope:	eq	version:	x863.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.3	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	3.1.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	3.1	Trust: 0.3
vendor:	mandriva	model:	business server	scope:	eq	version:	1x8664	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.24	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	10.04	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.1	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	64	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.2.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.10.4	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	10.04	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	ibm	model:	smartcloud entry fix pack	scope:	eq	version:	2.22	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.36	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	mandriva	model:	business server	scope:	eq	version:	1	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	ubuntu	model:	linux arm	scope:	eq	version:	10.04	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.4.0	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.34	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fix pack	scope:	eq	version:	2.26	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	14.10	Trust: 0.3
vendor:	apple	model:	ios for developer	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.4.0.4	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	2.2	Trust: 0.3
vendor:	ibm	model:	smartcloud entry fix pack	scope:	eq	version:	2.21	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	3.2.0.4	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	vm server for	scope:	eq	version:	x863.3	Trust: 0.3
vendor:	ibm	model:	smartcloud entry fix pack	scope:	eq	version:	2.31	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	ibm	model:	smartcloud entry	scope:	eq	version:	3.1	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fi	scope:	eq	version:	2.3.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	ibm	model:	smartcloud entry appliance fp	scope:	eq	version:	2.2.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3

sources: BID: 72353 // CNNVD: CNNVD-201501-711 // JVNDB: JVNDB-2014-008536 // NVD: CVE-2014-8130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8130
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8130
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201501-711
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-76075
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-8130
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8130
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-76075
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-8130
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-76075 // VULMON: CVE-2014-8130 // CNNVD: CNNVD-201501-711 // JVNDB: JVNDB-2014-008536 // NVD: CVE-2014-8130

PROBLEMTYPE DATA

problemtype:

CWE-369

Trust: 1.9

sources: VULHUB: VHN-76075 // JVNDB: JVNDB-2014-008536 // NVD: CVE-2014-8130

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 138137 // PACKETSTORM: 131226 // PACKETSTORM: 138138 // CNNVD: CNNVD-201501-711

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201501-711

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008536

PATCH

title:	HT204941	url:	https://support.apple.com/en-us/HT204941	Trust: 0.8
title:	HT204942	url:	https://support.apple.com/en-us/HT204942	Trust: 0.8
title:	HT204941	url:	https://support.apple.com/ja-jp/HT204941	Trust: 0.8
title:	HT204942	url:	https://support.apple.com/ja-jp/HT204942	Trust: 0.8
title:	* libtiff/tif_{unix,vms,win32}.c (_TIFFmalloc):	url:	https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543	Trust: 0.8
title:	Bug 1185817	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1185817	Trust: 0.8
title:	RHSA-2016:1546	url:	http://rhn.redhat.com/errata/RHSA-2016-1546.html	Trust: 0.8
title:	RHSA-2016:1547	url:	http://rhn.redhat.com/errata/RHSA-2016-1547.html	Trust: 0.8
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2014-8130	Trust: 0.1
title:	Ubuntu Security Notice: tiff vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2553-1	Trust: 0.1
title:	Ubuntu Security Notice: tiff regression	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2553-2	Trust: 0.1
title:	Debian CVElist Bug Report Logs: tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b9d749356a17e64ae08267d2b44915c1	Trust: 0.1
title:	Apple: OS X Yosemite v10.10.4 and Security Update 2015-005	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-733	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-733	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201611-26] libtiff: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201611-26	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201611-27] lib32-libtiff: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201611-27	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=0bd8c924b56aac98dda0f5b45f425f38	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=6283337cd31f81f24d445925f2138c0e	Trust: 0.1
title:	afl-cve	url:	https://github.com/mrash/afl-cve	Trust: 0.1

sources: VULMON: CVE-2014-8130 // JVNDB: JVNDB-2014-008536

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8130	Trust: 3.5
db:	BID	id:	72353	Trust: 2.1
db:	OPENWALL	id:	OSS-SECURITY/2015/01/24/15	Trust: 1.8
db:	SECTRACK	id:	1032760	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-008536	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-711	Trust: 0.7
db:	NSFOCUS	id:	29124	Trust: 0.6
db:	PACKETSTORM	id:	131257	Trust: 0.2
db:	VULHUB	id:	VHN-76075	Trust: 0.1
db:	VULMON	id:	CVE-2014-8130	Trust: 0.1
db:	PACKETSTORM	id:	138137	Trust: 0.1
db:	PACKETSTORM	id:	131226	Trust: 0.1
db:	PACKETSTORM	id:	131177	Trust: 0.1
db:	PACKETSTORM	id:	140402	Trust: 0.1
db:	PACKETSTORM	id:	138138	Trust: 0.1

sources: VULHUB: VHN-76075 // VULMON: CVE-2014-8130 // BID: 72353 // PACKETSTORM: 131257 // PACKETSTORM: 138137 // PACKETSTORM: 131226 // PACKETSTORM: 131177 // PACKETSTORM: 140402 // PACKETSTORM: 138138 // CNNVD: CNNVD-201501-711 // JVNDB: JVNDB-2014-008536 // NVD: CVE-2014-8130

REFERENCES

url:	http://bugzilla.maptools.org/show_bug.cgi?id=2483	Trust: 2.9
url:	http://www.conostix.com/pub/adv/cve-2014-8130-libtiff-division_by_zero.txt	Trust: 2.1
url:	http://www.securityfocus.com/bid/72353	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html	Trust: 1.8
url:	http://openwall.com/lists/oss-security/2015/01/24/15	Trust: 1.8
url:	http://support.apple.com/kb/ht204941	Trust: 1.8
url:	http://support.apple.com/kb/ht204942	Trust: 1.8
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1185817	Trust: 1.8
url:	https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8130	Trust: 1.4
url:	https://security.gentoo.org/glsa/201701-16	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2016-1546.html	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2016-1547.html	Trust: 1.3
url:	http://www.securitytracker.com/id/1032760	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8130	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9655	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/29124	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9330	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8127	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8129	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1547	Trust: 0.4
url:	http://www.libtiff.org/	Trust: 0.3
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024132	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024193	Trust: 0.3
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3632	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8668	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8783	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7554	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8665	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8782	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8781	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8784	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8683	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8128	Trust: 0.3
url:	http://www.ubuntu.com/usn/usn-2553-1	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2014-8129	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2014-9330	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-3991	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8665	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8683	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-3632	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-3945	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8782	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3945	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2014-8127	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8784	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8781	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5320	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2014-9655	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-5320	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3990	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3991	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8783	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2014-8130	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-1547	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-3990	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-7554	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-8668	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/369.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://security.archlinux.org/cve-2014-8130	Trust: 0.1
url:	https://usn.ubuntu.com/2553-1/	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39581	Trust: 0.1
url:	https://launchpad.net/bugs/1439186	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.3	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-2553-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.8	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/4.0.3-10ubuntu0.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.16	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.15	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.7	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tiff/4.0.3-10ubuntu0.1	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8127	Trust: 0.1
url:	http://advisories.mageia.org/mgasa-2015-0112.html	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8129	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8128	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/advisories/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9655	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1547	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3625	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6223	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7313	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3990	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5319	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8127	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3619	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3634	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5321	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8783	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9655	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3633	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8782	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3632	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5875	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9318	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3622	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3631	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8784	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3624	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3623	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5314	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8331	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3624	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4243	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1547	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5317	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3621	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3631	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9330	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9297	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3620	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9453	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3620	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9273	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8129	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8128	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5316	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5652	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3991	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3621	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8781	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3186	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3623	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9448	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5315	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3186	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3622	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5102	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3658	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5323	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8130	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5322	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3625	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8665	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5318	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3945	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3619	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3633	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8668	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5320	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8683	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7313	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9532	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4243	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1

CREDITS

William Robinet and american fuzzy lop

Trust: 0.9

sources: BID: 72353 // CNNVD: CNNVD-201501-711

SOURCES

db:	VULHUB	id:	VHN-76075
db:	VULMON	id:	CVE-2014-8130
db:	BID	id:	72353
db:	PACKETSTORM	id:	131257
db:	PACKETSTORM	id:	138137
db:	PACKETSTORM	id:	131226
db:	PACKETSTORM	id:	131177
db:	PACKETSTORM	id:	140402
db:	PACKETSTORM	id:	138138
db:	CNNVD	id:	CNNVD-201501-711
db:	JVNDB	id:	JVNDB-2014-008536
db:	NVD	id:	CVE-2014-8130

LAST UPDATE DATE

2026-04-18T22:17:48.860000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76075	date:	2018-04-05T00:00:00
db:	VULMON	id:	CVE-2014-8130	date:	2018-04-05T00:00:00
db:	BID	id:	72353	date:	2016-09-28T01:01:00
db:	CNNVD	id:	CNNVD-201501-711	date:	2018-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-008536	date:	2018-04-24T00:00:00
db:	NVD	id:	CVE-2014-8130	date:	2024-11-21T02:18:37.203

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76075	date:	2018-03-12T00:00:00
db:	VULMON	id:	CVE-2014-8130	date:	2018-03-12T00:00:00
db:	BID	id:	72353	date:	2015-01-24T00:00:00
db:	PACKETSTORM	id:	131257	date:	2015-04-02T00:39:26
db:	PACKETSTORM	id:	138137	date:	2016-08-02T23:00:03
db:	PACKETSTORM	id:	131226	date:	2015-04-01T00:37:57
db:	PACKETSTORM	id:	131177	date:	2015-03-30T23:09:44
db:	PACKETSTORM	id:	140402	date:	2017-01-09T19:12:35
db:	PACKETSTORM	id:	138138	date:	2016-08-02T23:00:12
db:	CNNVD	id:	CNNVD-201501-711	date:	2015-01-30T00:00:00
db:	JVNDB	id:	JVNDB-2014-008536	date:	2018-04-24T00:00:00
db:	NVD	id:	CVE-2014-8130	date:	2018-03-12T02:29:00.307