Category:   Application (Generic)  >   LibTIFF
(Oracle Issues Fix for Oracle Linux) LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service
SecurityTracker Alert ID:  1036505
CVE Reference:   CVE-2014-9330   (Links to External Site)
Date:  Aug 2 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.0.3; possibly prior versions
Description:   A vulnerability was reported in LibTIFF. A remote user can cause denial of service conditions.

A remote user can supply a specially crafted BMP image that, when converted by the bmp2tiff command-line tool shipped with LibTIFF (tools/bmp2tiff.c, a utility built alongside the library rather than part of the library proper), triggers an integer overflow in the tool and causes it to crash with an out-of-bounds read. Only systems that run bmp2tiff on untrusted BMP input are exposed by this particular issue; applications that merely link libtiff and never invoke the tool are not.

Paris Zoumpouloglou of Project Zero labs reported this vulnerability.
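The bug class behind this advisory is sizing a pixel buffer from attacker-controlled BMP header fields using wrapping 32-bit arithmetic. The C program below is an added illustration of that pattern next to an overflow-checked replacement; it is not libtiff's bmp2tiff code and does not reproduce the CVE-2014-9330 input. The field offsets follow the standard BITMAPFILEHEADER plus BITMAPINFOHEADER layout; the limits MAX_DIM and MAX_PIXEL_BYTES and the constructed test headers are example values chosen for this demonstration.

```c
/* Added illustration: overflow-safe pixel-buffer sizing for a BMP header.
 * Not libtiff's bmp2tiff code. MAX_DIM / MAX_PIXEL_BYTES are example limits. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BMP_HDR_LEN 30                       /* file header (14) + fields used below */
#define MAX_DIM 65536u                       /* example limit on width/height */
#define MAX_PIXEL_BYTES ((uint64_t)1 << 30)  /* example limit: refuse rasters > 1 GiB */

struct bmp_dims {
    int32_t  width;   /* biWidth  (signed on disk) */
    int32_t  height;  /* biHeight (negative means top-down rows) */
    uint16_t bpp;     /* biBitCount */
};

/* Little-endian field helpers. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v; p[1] = v >> 8; }

/* Parse the "BM" magic and the BITMAPINFOHEADER dimension fields (offsets 18, 22, 28). */
bool parse_bmp_dims(const uint8_t *buf, size_t len, struct bmp_dims *d)
{
    if (len < BMP_HDR_LEN || buf[0] != 'B' || buf[1] != 'M')
        return false;
    d->width  = (int32_t)rd32(buf + 18);
    d->height = (int32_t)rd32(buf + 22);
    d->bpp    = rd16(buf + 28);
    return true;
}

/* Constructed test header: only the bytes parse_bmp_dims looks at are meaningful. */
void build_bmp_header(uint8_t buf[BMP_HDR_LEN], int32_t w, int32_t h, uint16_t bpp)
{
    memset(buf, 0, BMP_HDR_LEN);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 14, 40);            /* biSize of a BITMAPINFOHEADER */
    wr32(buf + 18, (uint32_t)w);
    wr32(buf + 22, (uint32_t)h);
    wr16(buf + 26, 1);             /* biPlanes */
    wr16(buf + 28, bpp);
}

/* Vulnerable pattern: 32-bit products of attacker-controlled fields.
 * A wrapped result leads to a too-small allocation and out-of-bounds access. */
uint32_t naive_pixel_bytes(const struct bmp_dims *d)
{
    uint32_t w = (uint32_t)d->width;
    uint32_t h = (uint32_t)(d->height < 0 ? -d->height : d->height);
    uint32_t stride = ((w * d->bpp + 31) / 32) * 4;   /* rows are 4-byte aligned; may wrap */
    return stride * h;                                /* may wrap to a tiny value */
}

/* Hardened form: reject absurd fields first, size in 64-bit, then cap the total. */
bool checked_pixel_bytes(const struct bmp_dims *d, size_t *out)
{
    if (d->width <= 0 || d->height == 0 || d->height == INT32_MIN)
        return false;
    uint64_t w = (uint64_t)d->width;
    uint64_t h = (uint64_t)(d->height < 0 ? -(int64_t)d->height : (int64_t)d->height);
    if (w > MAX_DIM || h > MAX_DIM)
        return false;
    switch (d->bpp) {
    case 1: case 4: case 8: case 16: case 24: case 32: break;
    default: return false;
    }
    uint64_t stride = ((w * d->bpp + 31) / 32) * 4;  /* w*bpp <= 2^21: no 64-bit overflow */
    uint64_t total  = stride * h;                    /* <= 2^18 * 2^16 = 2^34: no overflow */
    if (total > MAX_PIXEL_BYTES)
        return false;
    *out = (size_t)total;
    return true;
}

int main(void)
{
    uint8_t hdr[BMP_HDR_LEN];
    struct bmp_dims d;
    size_t n;
    build_bmp_header(hdr, 65536, 65536, 32);   /* constructed 65536x65536x32 header */
    if (parse_bmp_dims(hdr, sizeof hdr, &d)) {
        printf("naive size:   %u bytes\n", naive_pixel_bytes(&d));   /* wraps to 0 */
        printf("checked size: %s\n", checked_pixel_bytes(&d, &n) ? "accepted" : "rejected");
    }
    return 0;
}
```

The naive version wraps a 16 GiB raster to a zero-byte allocation, which is exactly the shape of bug a fuzzer finds in image converters; the checked version refuses it before any allocation happens. The limits are policy decisions for the consuming program, not something the BMP format dictates.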

Impact:   A remote user can cause the target application to crash.
Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Dec 24 2014 LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service

Source Message Contents

Subject:  [El-errata] ELSA-2016-1546 Important: Oracle Linux 7 libtiff security update

Oracle Linux Security Advisory ELSA-2016-1546

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Add patches for CVEs:
   CVE-2015-7554, CVE-2015-8683, CVE-2015-8665,
   CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,
- Related: #1299920

- Update patches for CVEs:
   CVE-2014-8127, CVE-2014-8130
- Related: #1299920

- Update patches:
   CVE-2014-9330, CVE-2014-8127, CVE-2014-8129
- Related: #1299920

- Update patch for CVE-2015-8668
- Related: #1299920

- Remove patches for CVEs:
   CVE-2014-8127, CVE-2014-8129, CVE-2014-8130,
   CVE-2014-9330, CVE-2015-7554, CVE-2015-8665,
   CVE-2015-8683, CVE-2015-8781, CVE-2015-8784
- Add patches for CVEs:
   CVE-2016-3632, CVE-2016-3945, CVE-2016-3990,
   CVE-2016-3991, CVE-2016-5320
- Update patches for CVEs:
   CVE-2014-9655, CVE-2015-1547, CVE-2015-8668
- Related: #1299920

- CVE-2014-8127 should contain only two fixes
- Related: #1299920

- Revert previous patch CVE-2014-8127
- Related: #1299920

- Fix patch CVE-2014-8127. Wrongly applied
- Related: #1299920

- Fix patch CVE-2015-8668. Wrongly applied by me
- Related: #1299920

- Fixed patches on preview CVEs
- Related: #1299920

- This resolves several CVEs
- CVE-2014-8127, CVE-2014-8129, CVE-2014-8130
- CVE-2014-9330, CVE-2014-9655, CVE-2015-8781
- CVE-2015-8784, CVE-2015-1547, CVE-2015-8683
- CVE-2015-8665, CVE-2015-7554, CVE-2015-8668
- Resolves: #1299920

El-errata mailing list
