[Secure-testing-team] Bug#776185: tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
Salvatore Bonaccorso
carnil at debian.org
Sun Jan 25 06:46:27 UTC 2015
Source: tiff
Version: 4.0.3-12
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
the following vulnerabilities were published for tiff.
CVE-2014-8127[0]:
various out-of-bounds reads
CVE-2014-8128[1]:
various out-of-bounds writes
CVE-2014-8129[2]:
various out-of-bounds reads and writes
CVE-2014-8130[3]:
divide by zero
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
Note that at the time of the advisory, for three of the reported
issues, there was no fix in CVS HEAD yet. The individual bugs are
also linked from the security-tracker.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8127
http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
[1] https://security-tracker.debian.org/tracker/CVE-2014-8128
http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
[2] https://security-tracker.debian.org/tracker/CVE-2014-8129
http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
[3] https://security-tracker.debian.org/tracker/CVE-2014-8130
http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
[4] http://www.openwall.com/lists/oss-security/2015/01/24/15
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore