ID

VAR-201803-0099


CVE

CVE-2014-8130


TITLE

LibTIFF Vulnerable to division by zero

Trust: 0.8

sources: JVNDB: JVNDB-2014-008536

DESCRIPTION

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. LibTIFF Contains a vulnerability related to division by zero.Service operation interruption (DoS) There is a possibility of being put into a state. LibTIFF is prone to a denial-of-service vulnerability. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. A denial of service vulnerability exists in Silicon Graphics LibTiff prior to 4.0.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 ===================================================================== 1. Summary: An update for libtiff is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * Multiple flaws have been discovered in libtiff. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320) * Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running applications linked against libtiff must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8() 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm ppc64: libtiff-4.0.3-25.el7_2.ppc.rpm libtiff-4.0.3-25.el7_2.ppc64.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-devel-4.0.3-25.el7_2.ppc.rpm libtiff-devel-4.0.3-25.el7_2.ppc64.rpm ppc64le: libtiff-4.0.3-25.el7_2.ppc64le.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm s390x: libtiff-4.0.3-25.el7_2.s390.rpm libtiff-4.0.3-25.el7_2.s390x.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-devel-4.0.3-25.el7_2.s390.rpm libtiff-devel-4.0.3-25.el7_2.s390x.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-static-4.0.3-25.el7_2.ppc.rpm libtiff-static-4.0.3-25.el7_2.ppc64.rpm libtiff-tools-4.0.3-25.el7_2.ppc64.rpm ppc64le: libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-static-4.0.3-25.el7_2.ppc64le.rpm libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm s390x: libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-static-4.0.3-25.el7_2.s390.rpm libtiff-static-4.0.3-25.el7_2.s390x.rpm libtiff-tools-4.0.3-25.el7_2.s390x.rpm x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. ============================================================================ Ubuntu Security Notice USN-2553-1 March 31, 2015 tiff vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. (CVE-2014-9655) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libtiff5 4.0.3-10ubuntu0.1 Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.2 Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.7 Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.15 In general, a standard system update will make all the necessary changes. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547 http://advisories.mageia.org/MGASA-2015-0112.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 17de6bd824adefbdae0ff3c563d63269 mbs2/x86_64/lib64tiff5-4.0.4-0.1.mbs2.x86_64.rpm f54719a7fc450ee6d6f755276d9e2724 mbs2/x86_64/lib64tiff-devel-4.0.4-0.1.mbs2.x86_64.rpm 919f8e9c688aa4341e3e5a0beec9d845 mbs2/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs2.x86_64.rpm f144bb33e2e10f9290851a5c8154660c mbs2/x86_64/libtiff-progs-4.0.4-0.1.mbs2.x86_64.rpm 74ddb4270be8dac262dce7cb8e33f2b6 mbs2/SRPMS/libtiff-4.0.4-0.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Please review the CVE identifier and bug reports referenced for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libTIFF users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7" References ========== [ 1 ] CVE-2013-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243 [ 2 ] CVE-2014-8127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127 [ 3 ] CVE-2014-8128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128 [ 4 ] CVE-2014-8129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129 [ 5 ] CVE-2014-8130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130 [ 6 ] CVE-2014-9330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330 [ 7 ] CVE-2014-9655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655 [ 8 ] CVE-2015-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547 [ 9 ] CVE-2015-7313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313 [ 10 ] CVE-2015-7554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554 [ 11 ] CVE-2015-8665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665 [ 12 ] CVE-2015-8668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668 [ 13 ] CVE-2015-8683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683 [ 14 ] CVE-2015-8781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781 [ 15 ] CVE-2015-8782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782 [ 16 ] CVE-2015-8783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783 [ 17 ] CVE-2015-8784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784 [ 18 ] CVE-2016-3186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186 [ 19 ] CVE-2016-3619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619 [ 20 ] CVE-2016-3620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620 [ 21 ] CVE-2016-3621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621 [ 22 ] CVE-2016-3622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622 [ 23 ] CVE-2016-3623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623 [ 24 ] CVE-2016-3624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624 [ 25 ] CVE-2016-3625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625 [ 26 ] CVE-2016-3631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631 [ 27 ] CVE-2016-3632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632 [ 28 ] CVE-2016-3633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633 [ 29 ] CVE-2016-3634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634 [ 30 ] CVE-2016-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658 [ 31 ] CVE-2016-3945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945 [ 32 ] CVE-2016-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990 [ 33 ] CVE-2016-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991 [ 34 ] CVE-2016-5102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102 [ 35 ] CVE-2016-5314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314 [ 36 ] CVE-2016-5315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315 [ 37 ] CVE-2016-5316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316 [ 38 ] CVE-2016-5317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317 [ 39 ] CVE-2016-5318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318 [ 40 ] CVE-2016-5319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319 [ 41 ] CVE-2016-5320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320 [ 42 ] CVE-2016-5321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321 [ 43 ] CVE-2016-5322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322 [ 44 ] CVE-2016-5323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323 [ 45 ] CVE-2016-5652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652 [ 46 ] CVE-2016-5875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875 [ 47 ] CVE-2016-6223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223 [ 48 ] CVE-2016-8331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331 [ 49 ] CVE-2016-9273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273 [ 50 ] CVE-2016-9297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297 [ 51 ] CVE-2016-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318 [ 52 ] CVE-2016-9448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448 [ 53 ] CVE-2016-9453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453 [ 54 ] CVE-2016-9532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka-- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-1 iOS 8.4 iOS 8.4 is now available and addresses the following: Application Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious universal provisioning profile app may prevent apps from launching Description: An issue existed in the install logic for universal provisioning profile apps, which allowed a collision to occur with existing bundle IDs. CVE-ID CVE-2015-3722 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from FireEye, Inc. CVE-ID CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek MobileInstallation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious universal provisioning profile app can prevent a Watch app from launching Description: An issue existed in the install logic for universal provisioning profile apps on the Watch which allowed a collision to occur with existing bundle IDs. CVE-ID CVE-2015-3725 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from FireEye, Inc. Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the filesystem Description: A state management issue existed in Safari that allowed unprivileged origins to access contents on the filesystem. CVE-ID CVE-2015-1155 : Joe Vennix of Rapid7 Inc. CVE-ID CVE-2015-3726 : Matt Spisak of Endgame WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: An issue existed in the handling of the rel attribute in anchor elements. Target objects could get unauthorized access to link objects. CVE-ID CVE-2015-3659 : Peter Rutenbar working with HP's Zero Day Initiative WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website can access the WebSQL databases of other websites Description: An issue existed in the authorization checks for renaming WebSQL tables which could have allowed a maliciously crafted website to access databases belonging to other websites. CVE-ID CVE-2015-3728 : Brian W. Gray of Carnegie Mellon University, Craig Young from TripWire Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. 6) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following: Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A process may gain admin privileges without proper authentication Description: An issue existed when checking XPC entitlements. This issue was addressed through improved entitlement checking. CVE-ID CVE-2015-3671 : Emil Kvarnhammar at TrueSec Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rights Description: An issue existed in the handling of user authentication. This issue was addressed through improved error checking. CVE-ID CVE-2015-3672 : Emil Kvarnhammar at TrueSec Admin Framework Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may abuse Directory Utility to gain root privileges Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. This issue was addressed by limiting the disk location that writeconfig clients may be executed from. CVE-ID CVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec afpserver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the AFP server. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3674 : Dean Jerkovich of NCC Group apache Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. This issue was addressed by enabling mod_hfs_apple. CVE-ID CVE-2015-3675 : Apple apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities exist in PHP, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.24 and 5.4.40. These were addressed by updating PHP to versions 5.5.24 and 5.4.40. CVE-ID CVE-2015-0235 CVE-2015-0273 AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3676 : Chen Liang of KEEN Team AppleFSCompression Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in LZVN compression that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3677 : an anonymous researcher working with HP's Zero Day Initiative AppleThunderboltEDMService Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the handling of certain Thunderbolt commands from local processes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3678 : Apple ATS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in handling of certain fonts. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3682 : Nuode Wei Bluetooth Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze Networks Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may be able to intercept network traffic Description: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. Further details are available at https://support.apple.com/en-us/HT204938 Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858. CFNetwork HTTPAuthentication Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Following a maliciously crafted URL may lead to arbitrary code execution Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3684 : Apple CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple coreTLS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck DiskImages Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-ID CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative Display Drivers Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An issue existed in the Monitor Control Command Set kernel extension by which a userland process could control the value of a function pointer within the kernel. The issue was addressed by removing the affected interface. CVE-ID CVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze Networks EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application with root privileges may be able to modify EFI flash memory Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates. CVE-ID CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014) FontParser Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team Graphics Driver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds write issue existed in NVIDIA graphics driver. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3712 : Ian Beer of Google Project Zero Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges Description: Multiple buffer overflow issues existed in the Intel graphics driver. These were addressed through additional bounds checks. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4. CVE-ID CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3703 : Apple Install Framework Legacy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Several issues existed in how Install.framework's 'runner' setuid binary dropped privileges. This was addressed by properly dropping privileges. CVE-ID CVE-2015-3704 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOAcceleratorFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3705 : KEEN Team CVE-2015-3706 : KEEN Team IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null pointer dereference issues existed in the FireWire driver. These issues were addressed through improved error checking. CVE-ID CVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze Networks Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of APIs related to kernel extensions which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3720 : Stefan Esser Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3721 : Ian Beer of Google Project Zero kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to overwrite arbitrary files Description: kextd followed symbolic links while creating a new file. This issue was addressed through improved handling of symbolic links. CVE-ID CVE-2015-3708 : Ian Beer of Google Project Zero kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A local user may be able to load unsigned kernel extensions Description: A time-of-check time-of-use (TOCTOU) race condition condition existed while validating the paths of kernel extensions. This issue was addressed through improved checks to validate the path of the kernel extensions. CVE-ID CVE-2015-3709 : Ian Beer of Google Project Zero Mail Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content. CVE-ID CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek ntfs Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in NTFS that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative ntp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. These issues were addressed through improved connection state management. CVE-ID CVE-2015-1798 CVE-2015-1799 OpenSSL Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Multiple issues exist in OpenSSL, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers Description: Multiple issues existed in OpenSSL 0.9.8zd which were addressed by updating OpenSSL to version 0.9.8zf. CVE-ID CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 QuickTime Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking. CVE-ID CVE-2013-1741 Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. This issue was addressed with improved resource validation. CVE-ID CVE-2015-3714 : Joshua Pitts of Leviathan Security Group Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to bypass code signing checks Description: An issue existed where code signing did not verify libraries loaded outside the application bundle. This issue was addressed with improved bundle verification. CVE-ID CVE-2015-3715 : Patrick Wardle of Synack Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Searching for a malicious file with Spotlight may lead to command injection Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. This issue was addressed through improved input validation. CVE-ID CVE-2015-3716 : Apple SQLite Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in SQLite's printf implementation. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative System Stats Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious app may be able to compromise systemstatsd Description: A type confusion issue existed in systemstatsd's handling of interprocess communication. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. The issue was addressed through additional type checking. CVE-ID CVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze Networks TrueTypeScaler Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team zip Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Extracting a maliciously crafted zip file using the unzip tool may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of zip files. These issues were addressed through improved memory handling. CVE-ID CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 OS X Yosemite 10.10.4 includes the security content of Safari 8.0.7. https://support.apple.com/en-us/HT204950 OS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue mFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7 kbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo EKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w aGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH cMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL U4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+ aftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U TUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC 3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J 1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI +gGm5FbAxjxElgA/gbaq =KLda -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2014-8130 // JVNDB: JVNDB-2014-008536 // BID: 72353 // VULHUB: VHN-76075 // VULMON: CVE-2014-8130 // PACKETSTORM: 138137 // PACKETSTORM: 131226 // PACKETSTORM: 131177 // PACKETSTORM: 140402 // PACKETSTORM: 132517 // PACKETSTORM: 138138 // PACKETSTORM: 132518

AFFECTED PRODUCTS

vendor:libtiffmodel:libtiffscope:eqversion:4.0.3

Trust: 2.1

vendor:applemodel:mac os xscope:eqversion:10.10.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.10.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.8.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.10.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.10.2

Trust: 1.6

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:*

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.4

Trust: 1.0

vendor:applemodel:mac os xscope: - version: -

Trust: 0.8

vendor:applemodel:iosscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux server ausscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux server eusscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux server tusscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope: - version: -

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:iphone

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:ipad2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:ipodtouch

Trust: 0.6

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:3.1

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1x8664

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:8.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.24

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:64

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:neversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.2.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.4

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.22

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.36

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.26

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:14.10

Trust: 0.3

vendor:applemodel:ios for developerscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.4.0.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.21

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.31

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.3.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

sources: BID: 72353 // JVNDB: JVNDB-2014-008536 // CNNVD: CNNVD-201501-711 // NVD: CVE-2014-8130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8130
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8130
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-711
value: MEDIUM

Trust: 0.6

VULHUB: VHN-76075
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-8130
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8130
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-76075
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-8130
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-76075 // VULMON: CVE-2014-8130 // JVNDB: JVNDB-2014-008536 // CNNVD: CNNVD-201501-711 // NVD: CVE-2014-8130

PROBLEMTYPE DATA

problemtype:CWE-369

Trust: 1.9

sources: VULHUB: VHN-76075 // JVNDB: JVNDB-2014-008536 // NVD: CVE-2014-8130

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 138137 // PACKETSTORM: 131226 // PACKETSTORM: 138138 // CNNVD: CNNVD-201501-711

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201501-711

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008536

PATCH

title:HT204941url:https://support.apple.com/en-us/HT204941

Trust: 0.8

title:HT204942url:https://support.apple.com/en-us/HT204942

Trust: 0.8

title:HT204941url:https://support.apple.com/ja-jp/HT204941

Trust: 0.8

title:HT204942url:https://support.apple.com/ja-jp/HT204942

Trust: 0.8

title:* libtiff/tif_{unix,vms,win32}.c (_TIFFmalloc):url:https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543

Trust: 0.8

title:Bug 1185817url:https://bugzilla.redhat.com/show_bug.cgi?id=1185817

Trust: 0.8

title:RHSA-2016:1546url:http://rhn.redhat.com/errata/RHSA-2016-1546.html

Trust: 0.8

title:RHSA-2016:1547url:http://rhn.redhat.com/errata/RHSA-2016-1547.html

Trust: 0.8

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2014-8130

Trust: 0.1

title:Ubuntu Security Notice: tiff vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2553-1

Trust: 0.1

title:Ubuntu Security Notice: tiff regressionurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2553-2

Trust: 0.1

title:Debian CVElist Bug Report Logs: tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b9d749356a17e64ae08267d2b44915c1

Trust: 0.1

title:Apple: OS X Yosemite v10.10.4 and Security Update 2015-005url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211

Trust: 0.1

title:Amazon Linux AMI: ALAS-2016-733url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-733

Trust: 0.1

title:Arch Linux Advisories: [ASA-201611-26] libtiff: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201611-26

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce

Trust: 0.1

title:Arch Linux Advisories: [ASA-201611-27] lib32-libtiff: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201611-27

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=0bd8c924b56aac98dda0f5b45f425f38

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=6283337cd31f81f24d445925f2138c0e

Trust: 0.1

title:afl-cveurl:https://github.com/mrash/afl-cve

Trust: 0.1

sources: VULMON: CVE-2014-8130 // JVNDB: JVNDB-2014-008536

EXTERNAL IDS

db:NVDid:CVE-2014-8130

Trust: 3.6

db:BIDid:72353

Trust: 2.1

db:OPENWALLid:OSS-SECURITY/2015/01/24/15

Trust: 1.8

db:SECTRACKid:1032760

Trust: 1.2

db:JVNDBid:JVNDB-2014-008536

Trust: 0.8

db:CNNVDid:CNNVD-201501-711

Trust: 0.7

db:NSFOCUSid:29124

Trust: 0.6

db:PACKETSTORMid:131257

Trust: 0.1

db:VULHUBid:VHN-76075

Trust: 0.1

db:VULMONid:CVE-2014-8130

Trust: 0.1

db:PACKETSTORMid:138137

Trust: 0.1

db:PACKETSTORMid:131226

Trust: 0.1

db:PACKETSTORMid:131177

Trust: 0.1

db:PACKETSTORMid:140402

Trust: 0.1

db:PACKETSTORMid:132517

Trust: 0.1

db:PACKETSTORMid:138138

Trust: 0.1

db:PACKETSTORMid:132518

Trust: 0.1

sources: VULHUB: VHN-76075 // VULMON: CVE-2014-8130 // BID: 72353 // JVNDB: JVNDB-2014-008536 // PACKETSTORM: 138137 // PACKETSTORM: 131226 // PACKETSTORM: 131177 // PACKETSTORM: 140402 // PACKETSTORM: 132517 // PACKETSTORM: 138138 // PACKETSTORM: 132518 // CNNVD: CNNVD-201501-711 // NVD: CVE-2014-8130

REFERENCES

url:http://bugzilla.maptools.org/show_bug.cgi?id=2483

Trust: 2.9

url:http://www.conostix.com/pub/adv/cve-2014-8130-libtiff-division_by_zero.txt

Trust: 2.1

url:http://www.securityfocus.com/bid/72353

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html

Trust: 1.8

url:http://openwall.com/lists/oss-security/2015/01/24/15

Trust: 1.8

url:http://support.apple.com/kb/ht204941

Trust: 1.8

url:http://support.apple.com/kb/ht204942

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1185817

Trust: 1.8

url:https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-8130

Trust: 1.5

url:https://security.gentoo.org/glsa/201701-16

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2016-1546.html

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2016-1547.html

Trust: 1.3

url:http://www.securitytracker.com/id/1032760

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8130

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2014-8127

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-8129

Trust: 0.7

url:http://www.nsfocus.net/vulndb/29124

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-9655

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-8128

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-9330

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-1547

Trust: 0.4

url:http://www.libtiff.org/

Trust: 0.3

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024132

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024193

Trust: 0.3

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-3632

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8668

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8783

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7554

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8665

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8782

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8781

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8784

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8683

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2014-8129

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-9330

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-3991

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8665

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8683

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-3632

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-3945

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8782

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-3945

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-8127

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8784

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8781

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-5320

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-9655

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-5320

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-3990

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-3991

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8783

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2014-8130

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-1547

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-3990

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-7554

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-8668

Trust: 0.2

url:https://support.apple.com/en-us/ht204938

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1741

Trust: 0.2

url:https://support.apple.com/en-

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-1157

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://support.apple.com/kb/ht1222

Trust: 0.2

url:http://gpgtools.org

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/369.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security.archlinux.org/cve-2014-8130

Trust: 0.1

url:https://usn.ubuntu.com/2553-1/

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39581

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.7

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-2553-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tiff/4.0.3-10ubuntu0.1

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8127

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2015-0112.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8129

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8128

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9655

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1547

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3625

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6223

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7313

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3990

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5319

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8127

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3619

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3634

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5321

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8783

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9655

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3633

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8782

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3632

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7554

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5875

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9318

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3622

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3631

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8784

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3624

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3623

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5314

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8331

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3624

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4243

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1547

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3631

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9330

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9297

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3620

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9453

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3620

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9273

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8129

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8128

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5316

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5652

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3991

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3621

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3186

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3623

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9448

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5315

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3186

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3622

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5102

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3658

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5323

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8130

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5322

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3625

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8665

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5318

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3619

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3633

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8668

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5320

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8683

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7313

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9532

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4243

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3684

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3687

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3724

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3685

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3703

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3688

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3686

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3689

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1156

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3694

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0287

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8141

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3661

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3671

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3662

Trust: 0.1

url:https://support.apple.com/en-us/ht204950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3668

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0273

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3666

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1798

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3667

Trust: 0.1

sources: VULHUB: VHN-76075 // VULMON: CVE-2014-8130 // BID: 72353 // JVNDB: JVNDB-2014-008536 // PACKETSTORM: 138137 // PACKETSTORM: 131226 // PACKETSTORM: 131177 // PACKETSTORM: 140402 // PACKETSTORM: 132517 // PACKETSTORM: 138138 // PACKETSTORM: 132518 // CNNVD: CNNVD-201501-711 // NVD: CVE-2014-8130

CREDITS

William Robinet and american fuzzy lop

Trust: 0.9

sources: BID: 72353 // CNNVD: CNNVD-201501-711

SOURCES

db:VULHUBid:VHN-76075
db:VULMONid:CVE-2014-8130
db:BIDid:72353
db:JVNDBid:JVNDB-2014-008536
db:PACKETSTORMid:138137
db:PACKETSTORMid:131226
db:PACKETSTORMid:131177
db:PACKETSTORMid:140402
db:PACKETSTORMid:132517
db:PACKETSTORMid:138138
db:PACKETSTORMid:132518
db:CNNVDid:CNNVD-201501-711
db:NVDid:CVE-2014-8130

LAST UPDATE DATE

2024-12-20T21:48:30.940000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-76075date:2018-04-05T00:00:00
db:VULMONid:CVE-2014-8130date:2018-04-05T00:00:00
db:BIDid:72353date:2016-09-28T01:01:00
db:JVNDBid:JVNDB-2014-008536date:2018-04-24T00:00:00
db:CNNVDid:CNNVD-201501-711date:2018-12-07T00:00:00
db:NVDid:CVE-2014-8130date:2024-11-21T02:18:37.203

SOURCES RELEASE DATE

db:VULHUBid:VHN-76075date:2018-03-12T00:00:00
db:VULMONid:CVE-2014-8130date:2018-03-12T00:00:00
db:BIDid:72353date:2015-01-24T00:00:00
db:JVNDBid:JVNDB-2014-008536date:2018-04-24T00:00:00
db:PACKETSTORMid:138137date:2016-08-02T23:00:03
db:PACKETSTORMid:131226date:2015-04-01T00:37:57
db:PACKETSTORMid:131177date:2015-03-30T23:09:44
db:PACKETSTORMid:140402date:2017-01-09T19:12:35
db:PACKETSTORMid:132517date:2015-07-01T03:28:44
db:PACKETSTORMid:138138date:2016-08-02T23:00:12
db:PACKETSTORMid:132518date:2015-07-01T05:31:53
db:CNNVDid:CNNVD-201501-711date:2015-01-30T00:00:00
db:NVDid:CVE-2014-8130date:2018-03-12T02:29:00.307