Bug 1185817 (CVE-2014-8130) - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool
Summary: CVE-2014-8130 libtiff: divide by zero in the tiffdither tool
Status: CLOSED ERRATA
Alias: CVE-2014-8130
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20141207,reported=2...
Keywords: Security
Depends On: 1299918 1299919 1299920 1299921 1335098 1335099
Blocks: 1174883
TreeView+ depends on / blocked
 
Reported: 2015-01-26 11:13 UTC by Vasyl Kaigorodov
Modified: 2019-06-08 20:23 UTC (History)
3 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2019-06-08 02:38:30 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1546 normal SHIPPED_LIVE Important: libtiff security update 2016-08-02 20:59:03 UTC
Red Hat Product Errata RHSA-2016:1547 normal SHIPPED_LIVE Important: libtiff security update 2016-08-02 20:39:45 UTC

Description Vasyl Kaigorodov 2015-01-26 11:13:10 UTC
Divide by zero was reported in the libtiff tiffdither tool:

- CVE-2014-8130 libtiff: Divide By Zero in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2483

The above upstream bug was fixed by one of the commits that fix CVE-2014-8127 / CVE-2014-8128 / CVE-2014-8129

Comment 1 Siddharth Sharma 2015-03-26 06:58:52 UTC
Patch
=====

https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543


libtiff/tif_unix.c
 @@ -257,6 +257,9 @@ TIFFOpenW(const wchar_t* name, const char* mode)
 void*
 _TIFFmalloc(tmsize_t s)
 {
+        if (s == 0)
+                return ((void *) NULL);
+
 	return (malloc((size_t) s));
 }
 
above patch seems to suppresses this flaw

Comment 2 Siddharth Sharma 2015-06-01 11:56:57 UTC
Statement:

Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libtiff.

Comment 7 errata-xmlrpc 2016-08-02 16:40:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:1547 https://rhn.redhat.com/errata/RHSA-2016-1547.html

Comment 8 errata-xmlrpc 2016-08-02 16:59:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1546 https://rhn.redhat.com/errata/RHSA-2016-1546.html


Note You need to log in before you can comment on or make changes to this bug.