CVE-2014-8127 -- LibTIFF -- Out-of-bounds Read

0. Status
---------
20150124 - Not completed

1. Description
--------------
LibTIFF provides support for the Tag Image File Format (TIFF), a widely used
format for storing image data.
It is composed of a library for working with TIFF files along with a small
collection of tools for doing simple manipulations of TIFF images.

Multiple out-of-bounds reads can be triggered with malformed TIFF images in the
following LibTIFF tools:
  - thumbnail
  - tiff2bw
  - tiff2rgba
  - tiff2ps
  - tiffdither
  - tiffmedian
  - tiffset

2. Affected versions
--------------------
Reported on Ubuntu 14.04.1 LTS (amd64) 4.0.3-7ubuntu0.1 .
Last stable source release v4.0.3 is also affected.
The "tiffset" tool in CVS HEAD revision 1.18 is still affected.

3. Fix
------
Fixed in CVS HEAD since at least 21/12/2014:
  - thumbnail
  - tiff2bw
  - tiff2rgba
  - tiff2ps
  - tiffdither
  - tiffmedian

Not fixed:
  - tiffset

4. References
-------------
  - thumbnail: http://bugzilla.maptools.org/show_bug.cgi?id=2484
  - tiff2bw: http://bugzilla.maptools.org/show_bug.cgi?id=2485
  - tiff2rgba: http://bugzilla.maptools.org/show_bug.cgi?id=2486
  - tiff2ps & tiffdither: http://bugzilla.maptools.org/show_bug.cgi?id=2496
  - tiffmedian: http://bugzilla.maptools.org/show_bug.cgi?id=2497
  - tiffset: http://bugzilla.maptools.org/show_bug.cgi?id=2500

5. Credits
----------
William Robinet - Conostix S.A. - william.robinet-libtiff [AT] conostix.com
american fuzzy lop - http://lcamtuf.coredump.cx/afl/