CVE-2014-9330

Published: 20 January 2015

Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.

Priority

Status

Package	Release	Status
tiff Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 14.04 ESM (Trusty Tahr)	Released (4.0.3-7ubuntu0.2)
	Patches: Upstream: https://github.com/vadz/libtiff/commit/662f74445b2fea2eeb759c6524661118aef567ca

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9330
https://ubuntu.com/security/notices/USN-2553-1
NVD
Launchpad
Debian

Bugs

http://bugzilla.maptools.org/show_bug.cgi?id=2494
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773987

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›