CVE-2014-8128

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before
10.10.4 and other products, allows remote attackers to cause a denial of
service (out-of-bounds write) via a crafted TIFF image.

Bugs

• <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776185&gt;
• <http://bugzilla.maptools.org/show_bug.cgi?id=2489 (thumbnail)>
• <http://bugzilla.maptools.org/show_bug.cgi?id=2490 (tiffdither)>
• <http://bugzilla.maptools.org/show_bug.cgi?id=2491 (tiffdither)>
• <http://bugzilla.maptools.org/show_bug.cgi?id=2492 (tiffdither)>
• <http://bugzilla.maptools.org/show_bug.cgi?id=2493 (thumbnail and tiffcmp)>
• <http://bugzilla.maptools.org/show_bug.cgi?id=2495 (tiff2pdf)>
• <http://bugzilla.maptools.org/show_bug.cgi?id=2499 (thumbnail and tiffcmp) [not fixed yet in CVS HEAD]>
• <http://bugzilla.maptools.org/show_bug.cgi?id=2501 (tiffdither)>
• <https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1439186&gt;

Notes