Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2014-307

Related Vulnerabilities: CVE-2010-2596   CVE-2013-1960   CVE-2013-1961   CVE-2013-4231   CVE-2013-4232   CVE-2013-4243   CVE-2013-4244  

A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232) Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244) A flaw was found in the way libtiff handled OJPEG-encoded TIFF images. An attacker could use this flaw to create a specially crafted TIFF file that would cause an application using libtiff to crash. (CVE-2010-2596) Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash. (CVE-2013-1961)

Source

ALAS-2014-307

Amazon Linux AMI Security Advisory: ALAS-2014-307
Advisory Release Date: 2014-03-13 18:13 Pacific
Advisory Updated Date: 2014-09-17 22:52 Pacific
Severity: Medium
Issue Overview:

A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could use these flaws to create a specially crafted GIF file that could cause gif2tiff to crash or, possibly, execute arbitrary code. (CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

A flaw was found in the way libtiff handled OJPEG-encoded TIFF images. An attacker could use this flaw to create a specially crafted TIFF file that would cause an application using libtiff to crash. (CVE-2010-2596)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash. (CVE-2013-1961)


Affected Packages:

libtiff


Issue Correction:
Run yum update libtiff to update your system.

New Packages:
i686:
    libtiff-3.9.4-10.12.amzn1.i686
    libtiff-static-3.9.4-10.12.amzn1.i686
    libtiff-debuginfo-3.9.4-10.12.amzn1.i686
    libtiff-devel-3.9.4-10.12.amzn1.i686

src:
    libtiff-3.9.4-10.12.amzn1.src

x86_64:
    libtiff-debuginfo-3.9.4-10.12.amzn1.x86_64
    libtiff-devel-3.9.4-10.12.amzn1.x86_64
    libtiff-3.9.4-10.12.amzn1.x86_64
    libtiff-static-3.9.4-10.12.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started