Nixpkgs security tracker

Untriaged

Permalink CVE-2014-8128

created 1 month, 3 weeks ago

LibTIFF prior to 4.0.4, as used in Apple iOS before …

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.

References

http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt x_refsource_MISC
http://openwall.com/lists/oss-security/2015/01/24/15 x_refsource_MISC
http://support.apple.com/kb/HT204941 x_refsource_MISC
http://support.apple.com/kb/HT204942 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1185812 x_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html x_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html x_refsource_MISC
http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt x_transferredx_refsource_MISC
http://openwall.com/lists/oss-security/2015/01/24/15 x_transferredx_refsource_MISC
http://support.apple.com/kb/HT204941 x_transferredx_refsource_MISC
http://support.apple.com/kb/HT204942 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1185812 x_transferredx_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html x_transferredx_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html x_transferredx_refsource_MISC
http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt x_refsource_MISC
http://openwall.com/lists/oss-security/2015/01/24/15 x_refsource_MISC
http://support.apple.com/kb/HT204941 x_refsource_MISC
http://support.apple.com/kb/HT204942 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1185812 x_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html x_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html x_refsource_MISC
http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt x_transferredx_refsource_MISC
http://openwall.com/lists/oss-security/2015/01/24/15 x_transferredx_refsource_MISC
http://support.apple.com/kb/HT204941 x_transferredx_refsource_MISC
http://support.apple.com/kb/HT204942 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1185812 x_transferredx_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html x_transferredx_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html x_transferredx_refsource_MISC
http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt x_refsource_MISC
http://openwall.com/lists/oss-security/2015/01/24/15 x_refsource_MISC
http://support.apple.com/kb/HT204941 x_refsource_MISC
http://support.apple.com/kb/HT204942 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1185812 x_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html x_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html x_refsource_MISC
http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt x_transferredx_refsource_MISC
http://openwall.com/lists/oss-security/2015/01/24/15 x_transferredx_refsource_MISC
http://support.apple.com/kb/HT204941 x_transferredx_refsource_MISC
http://support.apple.com/kb/HT204942 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1185812 x_transferredx_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html x_transferredx_refsource_MISC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html x_transferredx_refsource_MISC

Affected products

LibTIFF

==prior to 4.0.4

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable 4.7.1
- nixpkgs-unstable 4.7.1
- nixos-unstable-small 4.7.1
nixos-25.11 4.7.1
- nixos-25.11-small 4.7.1
- nixpkgs-25.11-darwin 4.7.1

Package maintainers

@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@nh2 Niklas Hambüchen <mail@nh2.me>
@l0b0 Victor Engmark <victor@engmark.name>
@willcohen Will Cohen
@imincik Ivan Mincik <ivan.mincik@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@autra Augustin Trancart <augustin.trancart@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers