LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128
Reference (s):
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://openwall.com/lists/oss-security/2015/01/24/15
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942