Lucene search

K

Veracode Vulnerability DatabaseVERACODE:6320

HistoryMay 17, 2018 - 10:15 a.m.

Denial Of Service (DoS)

2018-05-1710:15:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

0.005 Low

EPSS

Percentile

75.6%

libtiff.so is vulnerable to denial of service (DoS) attacks. The library fails to verify BitsPerSample in a given tiff file, allowing a malicious user to pass a tiff file to the application to cause an out-of-bounds write that can lead to code being executed or the application crashing.

CPENameOperatorVersion
libtiff.sole5.7.0
libtiffeq3.9.4__10.el6_5
libtiffeq3.9.4__1.el6_0.2
libtiffeq3.9.4__1.el6
libtiffeq3.9.4__6.el6_3
libtiffeq3.9.4__5.el6_2
libtiffeq3.9.4__9.el6_3
libtiffeq3.9.4__1.el6_0.1
libtiffeq3.9.4__1.el6_0.3
libtiff.sole5.7.0

Rows per page:

1-10 of 181

References

bugzilla.maptools.org/show_bug.cgi?id=2487

bugzilla.maptools.org/show_bug.cgi?id=2488

lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

openwall.com/lists/oss-security/2015/01/24/15

rhn.redhat.com/errata/RHSA-2016-1546.html

rhn.redhat.com/errata/RHSA-2016-1547.html

support.apple.com/kb/HT204941

support.apple.com/kb/HT204942

www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt

www.securityfocus.com/bid/72352

www.securitytracker.com/id/1032760

access.redhat.com/errata/RHSA-2016:1546

access.redhat.com/errata/RHSA-2016:1547

access.redhat.com/security/cve/CVE-2014-8129

bugzilla.redhat.com/show_bug.cgi?id=1185815

github.com/vadz/libtiff/commit/cd82b5267ad4c10eb91e4ee8a716a81362cf851c

security.gentoo.org/glsa/201701-16

www.debian.org/security/2015/dsa-3273

0.005 Low

EPSS

Percentile

75.6%

Related for VERACODE:6320

cve1 nvd1 ubuntucve1 cvelist1 prion1 debiancve1 debian3 nessus27 openvas18 osv2 ubuntu2 securityvulns7 mageia1 f52 altlinux1 amazon1 ibm2 oraclelinux2 redhat2 centos2 gentoo1