CVE-2013-1961

Published: 03/07/2013 Updated: 13/02/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff prior to 4.0.3 allows remote malicious users to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.

Vulnerable Product

remotesensing libtiff 3.9.0

remotesensing libtiff 3.7.3

remotesensing libtiff 3.5.1

remotesensing libtiff 3.4

remotesensing libtiff 4.0.0

remotesensing libtiff 3.5.6

remotesensing libtiff 3.7.4

remotesensing libtiff 3.5.7

remotesensing libtiff 3.5.3

remotesensing libtiff 3.8.0

remotesensing libtiff 3.9.2

remotesensing libtiff 3.7.0

remotesensing libtiff 3.5.4

remotesensing libtiff 3.7.2

remotesensing libtiff 3.6.0

remotesensing libtiff 3.8.1

remotesensing libtiff 4.0.1

remotesensing libtiff

remotesensing libtiff 3.9.1

remotesensing libtiff 4.0.2

remotesensing libtiff 3.5.5

remotesensing libtiff 3.8.2

remotesensing libtiff 3.9.4

remotesensing libtiff 3.5.2

remotesensing libtiff 3.6.1

remotesensing libtiff 3.7.1

remotesensing libtiff 3.9.3

Vendor Advisories

Debian Bug report logs - #706674 libtiff-tools: CVE-2013-1961: Stack-based buffer overflow with malformed image-length and resolution. Package: libtiff-tools; Maintainer for libtiff-tools is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for libtiff-tools is src:tiff (PTS, buildd, popcon). Reported by: Henri Salo <henri@ ...
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...
Multiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion. CVE-2013-1960: Emmanuel Bouillon discovered a heap-based buffer overflow in the tp_process_jpeg_strip function in the tiff2pdf tool. This could potentially lead to a crash or arbitrary code execution. CVE-2013-1961 ...
A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2013-1960, CVE-2013-4232). Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could us ...
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file ...