1185817 – (CVE-2014-8130) CVE-2014-8130 libtiff: divide by zero in the tiffdither tool

Bug 1185817 (CVE-2014-8130) - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool

Summary: CVE-2014-8130 libtiff: divide by zero in the tiffdither tool

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-8130
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1299918 1299919 1299920 1299921 1335098 1335099
Blocks:	1174883
TreeView+	depends on / blocked

Reported:	2015-01-26 11:13 UTC by Vasyl Kaigorodov
Modified:	2021-02-17 05:44 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-08 02:38:30 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:1546	0	normal	SHIPPED_LIVE	Important: libtiff security update	2016-08-02 20:59:03 UTC
Red Hat Product Errata	RHSA-2016:1547	0	normal	SHIPPED_LIVE	Important: libtiff security update	2016-08-02 20:39:45 UTC

Description Vasyl Kaigorodov 2015-01-26 11:13:10 UTC

Divide by zero was reported in the libtiff tiffdither tool:

- CVE-2014-8130 libtiff: Divide By Zero in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2483

The above upstream bug was fixed by one of the commits that fix CVE-2014-8127 / CVE-2014-8128 / CVE-2014-8129

Comment 1 Siddharth Sharma 2015-03-26 06:58:52 UTC

Patch
=====

https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543


libtiff/tif_unix.c
 @@ -257,6 +257,9 @@ TIFFOpenW(const wchar_t* name, const char* mode)
 void*
 _TIFFmalloc(tmsize_t s)
 {
+        if (s == 0)
+                return ((void *) NULL);
+
 	return (malloc((size_t) s));
 }
 
above patch seems to suppresses this flaw

Comment 2 Siddharth Sharma 2015-06-01 11:56:57 UTC

Statement:

Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libtiff.

Comment 7 errata-xmlrpc 2016-08-02 16:40:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:1547 https://rhn.redhat.com/errata/RHSA-2016-1547.html

Comment 8 errata-xmlrpc 2016-08-02 16:59:36 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1546 https://rhn.redhat.com/errata/RHSA-2016-1546.html

Note You need to log in before you can comment on or make changes to this bug.