Category:   Application (Generic)  >   LibTIFF
Vendors:
(Oracle Issues Fix for Oracle Linux) LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service
SecurityTracker Alert ID:  1036504
SecurityTracker URL:
CVE Reference:   CVE-2014-9330
Date:  Aug 2 2016
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0.3; possibly prior versions
Description:   A vulnerability was reported in LibTIFF. A remote user can cause denial of service conditions.

A remote user can send a specially crafted BMP image that, when processed by the library, will trigger an integer overflow in bmp2tiff and cause the target application to crash.

Paris Zoumpouloglou of Project Zero labs reported this vulnerability.

Impact:   A remote user can cause the target application to crash.
Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

Vendor URL:
Cause:   Boundary error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Dec 24 2014 LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service

Source Message Contents

Subject:  [El-errata] ELSA-2016-1547 Important: Oracle Linux 6 libtiff security update

Oracle Linux Security Advisory ELSA-2016-1547

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:




Description of changes:

- Update patch for CVE-2014-8127
- Related: #1335099

- Fix patches for CVE-2016-3990 and CVE-2016-5320
- Related: #1335099

- Add patches for CVEs:
- CVE-2016-3632 CVE-2016-3945 CVE-2016-3990
- CVE-2016-3991 CVE-2016-5320
- Related: #1335099

- Update patch for CVE-2014-8129
- Related: #1335099

- Merge previously released fixes for CVEs:
- CVE-2013-1960 CVE-2013-1961 CVE-2013-4231
- CVE-2013-4232 CVE-2013-4243 CVE-2013-4244
- Resolves: #1335099

- Patch typos in CVE-2014-8127
- Related: #1299919

- Fix CVE-2014-8127 and CVE-2015-8668 patches
- Related: #1299919

- Fixed patches on preview CVEs
- Related: #1299919

El-errata mailing list
