Vulnerability Name: | CVE-2014-9330 (CCN-99665)
Assigned: | 2014-12-22
Published: | 2014-12-22
Updated: | 2018-01-05
Summary: | Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via a crafted BMP image, related to dimensions, which triggers an out-of-bounds read.
CVSS v3 Severity: |
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: |
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
3.5 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)
Vulnerability Type: | CWE-189 CWE-125
Vulnerability Consequences: | Informational
References: |
Source: CONFIRM Type: UNKNOWN http://bugzilla.maptools.org/show_bug.cgi?id=2494
Source: MITRE Type: CNA CVE-2014-9330
Source: CCN Type: RHSA-2016-1546 Important: libtiff security update
Source: REDHAT Type: UNKNOWN RHSA-2016:1546
Source: CCN Type: RHSA-2016-1547 Important: libtiff security update
Source: REDHAT Type: UNKNOWN RHSA-2016:1547
Source: CCN Type: Full Disclosure Mailing List, Mon, 22 Dec 2014 11:48:05 -0800 Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff
Source: FULLDISC Type: UNKNOWN 20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff
Source: DEBIAN Type: UNKNOWN DSA-3273
Source: CCN Type: IBM Security Bulletin T1024132 (PowerKVM) Multiple vulnerabilities in libtiff affect PowerKVM
Source: CCN Type: IBM Security Bulletin T1024193 (SmartCloud Entry) Libtiff vulnerabilities affect IBM SmartCloud Entry
Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Source: CCN Type: LibTIFF Web Site LibTIFF
Source: BID Type: UNKNOWN 71789
Source: CCN Type: BID-71789 LibTIFF 'tools/bmp2tiff.c' Out of Bounds Read Integer Overflow Vulnerability
Source: SECTRACK Type: UNKNOWN 1031442
Source: XF Type: UNKNOWN libtiff-cve20149330-overflow(99665)
Source: GENTOO Type: UNKNOWN GLSA-201701-16
Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-9330