CVE-2014-8127 -- LibTIFF -- Out-of-bounds Read

0. Status
---------
20150124 - Not completed

1. Description
--------------
LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. It is composed of a library for working with TIFF files along with a small collection of tools for doing simple manipulations of TIFF images.

Multiple out-of-bounds reads can be triggered with malformed TIFF images in the following LibTIFF tools:
- thumbnail
- tiff2bw
- tiff2rgba
- tiff2ps
- tiffdither
- tiffmedian
- tiffset

2. Affected versions
--------------------
Reported on Ubuntu 14.04.1 LTS (amd64) 4.0.3-7ubuntu0.1.
Last stable source release v4.0.3 is also affected.
The "tiffset" tool in CVS HEAD revision 1.18 is still affected.

3. Fix
------
Fixed in CVS HEAD since at least 21/12/2014:
- thumbnail
- tiff2bw
- tiff2rgba
- tiff2ps
- tiffdither
- tiffmedian

Not fixed:
- tiffset

4. References
-------------
- thumbnail: http://bugzilla.maptools.org/show_bug.cgi?id=2484
- tiff2bw: http://bugzilla.maptools.org/show_bug.cgi?id=2485
- tiff2rgba: http://bugzilla.maptools.org/show_bug.cgi?id=2486
- tiff2ps & tiffdither: http://bugzilla.maptools.org/show_bug.cgi?id=2496
- tiffmedian: http://bugzilla.maptools.org/show_bug.cgi?id=2497
- tiffset: http://bugzilla.maptools.org/show_bug.cgi?id=2500

5. Credits
----------
William Robinet - Conostix S.A. - william.robinet-libtiff [AT] conostix.com
american fuzzy lop - http://lcamtuf.coredump.cx/afl/