{"id":"CVE-2014-8129","details":"LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.","modified":"2026-01-27T04:13:23.692134Z","published":"2018-03-12T02:29:00Z","withdrawn":"2026-01-27T04:13:23.692134Z","related":["MGASA-2015-0112","SUSE-SU-2015:1420-1","SUSE-SU-2015:1475-1","openSUSE-SU-2024:10554-1"],"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1546.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1547.html"},{"type":"ADVISORY","url":"http://support.apple.com/kb/HT204941"},{"type":"ADVISORY","url":"http://support.apple.com/kb/HT204942"},{"type":"ADVISORY","url":"http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/72352"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1032760"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-16"},{"type":"ADVISORY","url":"https://www.debian.org/security/2015/dsa-3273"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"},{"type":"ARTICLE","url":"http://openwall.com/lists/oss-security/2015/01/24/15"},{"type":"REPORT","url":"http://bugzilla.maptools.org/show_bug.cgi?id=2487"},{"type":"REPORT","url":"http://bugzilla.maptools.org/show_bug.cgi?id=2488"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1185815"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}