Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-8128
HistoryDec 31, 2014 - 12:00 a.m.

CVE-2014-8128

2014-12-3100:00:00
ubuntu.com
ubuntu.com
16

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.011

Percentile

84.4%

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before
10.10.4 and other products, allows remote attackers to cause a denial of
service (out-of-bounds write) via a crafted TIFF image.

Bugs

Notes

Author Note
mdeslaur bug 2499 is in Debian patch called CVE-2014-8128-5.patch CVE-2014-8128-5.patch caused a regression and was backed out of USN-2553-2. See LP: #1439186
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchtiff< 3.9.2-2ubuntu0.15UNKNOWN
ubuntu12.04noarchtiff< 3.9.5-2ubuntu1.7UNKNOWN
ubuntu14.04noarchtiff< 4.0.3-7ubuntu0.2UNKNOWN
ubuntu14.10noarchtiff< 4.0.3-10ubuntu0.1UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.011

Percentile

84.4%