CVE-2014-9330

Published: 20 January 2015

Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.

Priority

Status

Package	Release	Status
tiff Launchpad, Ubuntu, Debian	lucid	Released (3.9.2-2ubuntu0.15)
	precise	Released (3.9.5-2ubuntu1.7)
	trusty	Released (4.0.3-7ubuntu0.2)
	upstream	Needs triage
	utopic	Released (4.0.3-10ubuntu0.1)
	Patches: upstream: https://github.com/vadz/libtiff/commit/662f74445b2fea2eeb759c6524661118aef567ca

References

https://ubuntu.com/security/notices/USN-2553-1
https://www.cve.org/CVERecord?id=CVE-2014-9330
NVD
Launchpad
Debian

Bugs

http://bugzilla.maptools.org/show_bug.cgi?id=2494
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773987

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›