CVE-2014-8130 -- LibTIFF -- Divide By Zero 0. Status --------- 20150124 - Complete 1. Description -------------- LibTIFF provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. It is composed of a library for working with TIFF files along with a small collection of tools for doing simple manipulations of TIFF images. A malformed TIFF image can lead to a division by zero crash in the "tiffdither" tool. 2. Affected versions -------------------- Reported on Ubuntu 14.04.1 LTS (amd64) 4.0.3-7ubuntu0.1 . Last stable source release v4.0.3 is also affected. 3. Fix ------ Fixed in CVS HEAD since at least 21/12/2014. 4. Reference ------------ http://bugzilla.maptools.org/show_bug.cgi?id=2483 5. Credits ---------- William Robinet - Conostix S.A. - william.robinet-libtiff [AT] conostix.com american fuzzy lop - http://lcamtuf.coredump.cx/afl/