LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
[
{
"product": "LibTIFF",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 4.0.4"
}
]
}
]
lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
openwall.com/lists/oss-security/2015/01/24/15
support.apple.com/kb/HT204941
support.apple.com/kb/HT204942
www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
bugzilla.redhat.com/show_bug.cgi?id=1185812