CVE-2013-1960

Published: 03/07/2013 Updated: 13/02/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.

Vulnerable Product

remotesensing libtiff 3.9.0

remotesensing libtiff 3.7.3

remotesensing libtiff 3.5.1

remotesensing libtiff 3.4

remotesensing libtiff 4.0.0

remotesensing libtiff 3.5.6

remotesensing libtiff 3.7.4

remotesensing libtiff 3.5.7

remotesensing libtiff 3.5.3

remotesensing libtiff 3.8.0

remotesensing libtiff 3.9.2

remotesensing libtiff 3.7.0

remotesensing libtiff 3.5.4

remotesensing libtiff 3.7.2

remotesensing libtiff 3.6.0

remotesensing libtiff 3.8.1

remotesensing libtiff 4.0.1

remotesensing libtiff

remotesensing libtiff 3.9.1

remotesensing libtiff 4.0.2

remotesensing libtiff 3.5.5

remotesensing libtiff 3.8.2

remotesensing libtiff 3.9.4

remotesensing libtiff 3.5.2

remotesensing libtiff 3.6.1

remotesensing libtiff 3.7.1

remotesensing libtiff 3.9.3

Vendor Advisories

Debian Bug report logs - #706675: libtiff-tools: CVE-2013-1960: Heap-based buffer overflow in t2_process_jpeg_strip. Package: libtiff-tools; Maintainer for libtiff-tools is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for libtiff-tools is src:tiff. Reported by: Henri Salo <henri@nerv.fi>. Date: ...
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...
Multiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion. CVE-2013-1960: Emmanuel Bouillon discovered a heap-based buffer overflow in the tp_process_jpeg_strip function in the tiff2pdf tool. This could potentially lead to a crash or arbitrary code execution. CVE-2013-1961 ...
A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2013-1960, CVE-2013-4232). Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could us ...
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file ...